What is the purpose of this document?
Willans LLP is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you, in accordance with the General Data Protection Regulation (GDPR). It applies to all clients, prospective clients and business contacts about whom we hold personal information. We may update this notice at any time.
Willans LLP is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. Our business address is 28 Imperial Square, Cheltenham, Gloucestershire GL50 1RH, United Kingdom.
If you are our client, you should also refer to the information about protection of personal data which we gave you in our client terms of business, when we started acting for you on your particular legal matter.
What personal data about you may we collect?
We may collect, store, and use the following categories of personal information about you:
- personal contact details such as name, title, addresses, telephone numbers, and personal email addresses, social media profile addresses.
- job title
- employer or business name.
- personal and business interests
- the history of our communications with you
- your likely legal needs.
How may we collect personal data about you?
We will only ever start to collect, store and use personal information about you if you have consented to it. In most cases we will collect directly from you, with your consent. However we may amplify that information over time, from publicly available sources such as your company website or your social media profile, or from our subsequent communications with you.
Why will we collect, store and use personal data about you?
We collect, store and use personal data about you in order to:
- inform you about our firm’s services and news
- update you on relevant legal developments via newsletters and/or e-bulletins
- invite you to seminars and workshops on legal topics
- invite you to charity and/or corporate hospitality events we are organising.
Will your personal data be shared with third parties?
Privacy is important to us; therefore, it goes without saying that we would never sell, rent or give your personal information to any third party without your consent.
We may in the future use a third party marketing automation platform, in which case your name and email address (but no other personal information) may be stored on that third party’s servers within the European Economic Area.
Any such third-party service provider will be required to take appropriate security measures to protect your personal information in line with our policies. We would not allow any third-party service providers to use your personal data for their own purposes. We would only permit them to process your personal data for specified purposes and in accordance with our instructions.
Will we transfer your personal data outside the European Economic Area?
Not without your knowledge and consent.
What choices do you have?
When we collect your information we will give you options as to how you wish to hear from us (eg. email, post) and for what purposes (eg legal updates and newsletters, invitations to legal seminars and talks, and/or invitations to charity and/or corporate hospitality events). If you wish to change these preferences at any time, or to unsubscribe from communications, please email email@example.com
How long will we keep your personal data?
We will keep your personal data for the above purposes until either (i) we become aware it is no longer valid, or (ii) you ask us to delete it.
What rights do you have?
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, by law you have the right to request:
- access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact firstname.lastname@example.org.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact email@example.com. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
The firm’s Compliance Officer for Legal Practice (COLP) has responsibility for overseeing compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact firstname.lastname@example.org. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Privacy notice for clients
The information below supplements our general privacy notice listed above and applies specifically to our clients.
The EU General Data Protection Regulation and the Data Protection Act 2018 require us to advise you that your particulars are held on our database and we shall process your information in accordance with the requirements of data protection legislation. We will use the information you provide primarily for the provision of legal services to you in accordance with our retainer with you, but also for related purposes, including updating and enhancing client records, analysis to help us manage our practice, statutory returns and legal and regulatory compliance, and providing you with legal updates directly relevant to your matter during your retainer and after it has ended (you may opt out of these updates at any time).
Any personal data we receive from you for the purposes of our money laundering checks will be processed only for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with your express consent.
Our use of this information is subject to your instructions, data protection law and our duty of confidentiality. The related purposes referred to above are either in your or our legitimate interests, or our legal obligations.
If you send us personal data about anyone other than yourself you should ensure that, where appropriate, you have any appropriate consents and notices in place to enable you to transfer that personal data to us, and so that we may use it for the purposes for which you provide it to us.
In particular circumstances, we may disclose the information that you have provided or that we have collected or received about you to other persons and organisations. For example, this information may be disclosed to other suppliers of professional services (e.g. barristers, accountants or expert witnesses) whom we are instructing on your behalf or who are appointed by another party to your matter; suppliers of administrative, accountancy and audit, financial/banking and technical services; the courts, governmental and regulatory authorities and organisations that regulate the legal profession. All such third parties are required to maintain confidentiality in relation to your files.
We may be required to produce all or part of your file to assessors appointed as part of an audit, or a quality check in connection with our Lexcel, Law Society Conveyancing Quality Scheme or other accreditation. Whilst our participation is such quality schemes is not mandatory, we consider participation to be in the best interests of our clients as it promotes good management of our practice and helps ensure our compliance with professional and other obligations. We use an external IT maintenance provider who has entered into a confidentiality agreement. In contentious matters it is sometimes necessary to send your file to a costs draftsman to prepare a bill of costs and to produce your file to the court. These disclosures are a necessary part of carrying out your instructions. If you make a claim against this firm or we consider circumstances have arisen which may give rise to a claim and which we are obliged to notify our insurers, then it may be necessary for us to supply a copy of your file to our insurers. We consider that it is in our legitimate interests to do so.
We may arrange for certain administrative and clerical tasks to be carried out by persons not directly employed by us. These tasks include printing and posting hard copies of our newsletter, generation and monitoring of emails for marketing purposes (including legal updates) and online verification of your identity (see money laundering). Where we do this, information about you will be provided to a third party and stored by them in order to perform such tasks. We will always have a confidentiality agreement in place with such persons. To enable us to send invitations to events or seminars and legal updates to you by email (if we think these may be of interest to you, and if you have consented) and to request feedback from you if you have attended one of our seminars, your data may be transferred to and stored and processed at a destination outside the European Economic Area. By agreeing to these terms and conditions of business, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with these terms and conditions and with data protection legislation. If you do not wish us to allow persons who are not directly employed to carry out such tasks, please tell us as soon as possible. We do not use third parties for typing documents or correspondence in relation to client work. We will not release your details to a third party in a way which would enable a third party to market themselves or their services to you.
You have the right to access any personal data that we hold about you. We seek to keep that personal data correct and up to date. You should let us know if you believe the information we hold about you needs to be corrected or updated. Further details about how to do this can be found on the Information Commissioner’s Office website at www.ico.gov.uk. You have the right to make a complaint to the Information Commissioner’s Office if you are unhappy about the way in which we handle your data.
Willans LLP is registered with the Information Commissioner’s Office as a data controller for the purposes of data protection law under registration number Z597775X.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time.