This Privacy Notice describes how Loney Stewart Holland LLP collects, uses and shares the personal information you provide to us and the personal information we collect through the operation of our business and website.
In this Notice references to “we”/“us”/“our” are to Loney Stewart Holland LLP, the controller responsible for your personal data. Our registered office is at One Temple Quay, Temple Back East, Bristol BS1 6DZ. We are authorised and regulated by the Solicitors Regulation Authority. If you have any questions regarding this Notice, including a request to exercise your legal rights, you may contact us using the details set out below.
We may revise this Notice at any time so please check it regularly.
1. Information we collect and how we collect it
Personal information, or personal data, is any information about an individual from which that person can be identified. We use various different methods to collect data from and about you including:
Information obtained from you
We will process personal information that you give to us including when you email us or contact us in various ways as follows:
- Direct interaction: by filling in forms or by engaging with us by post, phone, email, online or otherwise you may provide your name, telephone number, email address, postal address, content/date/time of your correspondence and information about your business or employer.
- Use of our website: when you contact us with queries through our website or sign up to newsletters, events or similar you may also provide the information referred to above.
- In connection with our provision of legal services: if you are a client of Loney Stewart Holland you will provide us with personal information when you or a business you represent becomes our client. If you are not a client, we may collect or receive your personal information because you are involved in one of our client’s matters (i.e. a counterparty or otherwise in litigation).
- Recruitment: If you apply for a role with us you may provide us with your name, address, telephone number, date of birth, nationality, education and qualification details, gender, your CV and other personal information.
Information obtained from third parties and otherwise
We may also collect personal information through third parties and in other ways such as:
- In connection with our provision of legal services: We might receive information from third parties such as your employer, other parties relevant to the services we are providing (e.g. counterparties in litigation) and others such as regulators and authorities. That information could include your name, contact details, employment details and other information relevant to the legal services that we are providing.
- Recruitment: If you apply for a position with us we may collect personal information relating to past employment, qualifications and education, opinions from third parties about you, past employment history and other details about you, which will be provided to us by a third party that provides background screening services to us.
- In connection with marketing and business development activities: We may receive personal information about you from analytics providers, advertising networks, search information providers, data brokers or aggregators and publicly available sources such as Companies House, the Electoral Register, social media and other information available on the internet.
2. How we use the information we collect
We will only use your personal data when the law allows us to and for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Most commonly, we will use your personal data in the following circumstances:
- To provide legal services to our client.
- Marketing and business development in relation to our services. This may include sending newsletters, legal updates, marketing communications and other information that may be of interest to you. You may opt out of these communications at any time by contacting us.
- To comply with legal and regulatory obligations.
- To exercise or defend our legal rights or for the purpose of legal proceedings.
- To record and monitor use of our website for our business purposes which may include analysis of usage, measurement of site performance and generation of marketing reports.
- For our legitimate business interests such as undertaking business research and analysis, managing the operation of our website and our business.
- To investigate complaints and queries and to prevent and respond to actual or potential fraud or illegal activities.
- Where you have applied for a position with us, to review and process your job application.
- To collate, process and share any statistics based on an aggregation of information held by us provided that any individual is not identified from the resulting analysis and the collation, processing and dissemination of such information is permitted by law.
Grounds for using your personal information
We rely on the following legal grounds to process your personal information, namely:
- Performance of a contract - we may need to collect and use your personal information to enter into a contract with you or to perform our obligations under a contract with you.
- Legitimate interest - we may use your personal information for our legitimate interests, some examples of which are given above.
- Compliance with law or regulation - we may use your personal information as necessary to comply with applicable law/regulation.
- Consent - we may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us.
3. How we share information with third parties
We may have to share your personal information with parties outside of Loney Stewart Holland for the purposes set out above. These third parties may include:
- Agents, suppliers or contractors in connection with the processing of your personal information for the purposes described in this Notice. This may include, but is not limited to, IT, system administration, case/client management and communications service providers.
- Third parties relevant to the legal services that we provide. This may include, but is not limited to, counterparties to litigation, other professional service providers/advisors, regulators, authorities and governmental institutions.
- To the extent required by law, regulation or court order, for example, if we are under a duty to disclose your personal information in order to comply with any legal obligation.
- Third parties relevant to the marketing and business development activities we undertake, for example marketing and business development agents and consultants who provide such services on our behalf.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Notice.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
If and where we transfer your personal information outside of the Europe Economic Area (EEA), we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
In some circumstances the law may permit us to otherwise transfer your personal information outside of the EEA. In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.
4. Keeping your information and security
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it and/or are lawfully using it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal information we consider the amount, nature, and sensitivity of the information, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process the information and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will ensure that the personal information that we hold is subject to appropriate security measures.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
5. Your legal rights in relation to the information
Under certain circumstances you have rights under data protection laws in relation to your personal data. These include:
- Requesting access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Please note that there may be circumstances in which we are entitled to refuse requests, such as where privilege applies.
- Requesting correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide.
- Requesting that we erase your personal information. Please note that there may be circumstances where we may not be able to comply with your request for legal reasons, which we will notify you of if applicable.
- Objecting to and/or requesting that we restrict our processing of your personal information. Again, there may be circumstances where we are legally entitled to refuse that request.
- Requesting the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdrawing your consent where we are relying on consent to process your information. This may mean we are unable to provide certain services to you and, in certain circumstances, it may be lawful for us to continue processing without your consent if we have another legitimate reason for doing so.
Further information regarding your rights can be found here.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or to request to exercise of any of the rights referred to above, please contact us at firstname.lastname@example.org or Loney Stewart Holland LLP, One Temple Quay, Temple Back East, Bristol BS1 6DZ, addressing your correspondence to the Data Protection Officer.
Please note that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to deal with any concerns so please contact us in the first instance.