We are committed to protecting the privacy and security of your personal information.
Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use your personal data we are regulated under the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
KEY TERMSPlease familiarise yourself with the following key terms
We, us, our, Elmwoods Law & Mediation
Jonathon Stokes Limited trading as Elmwoods Law & Mediation incorporated and registered in England and Wales with registered number 10664841 whose registered office is at 206 Maling Exchange Hoults Yard, Walker Road, Newcastle Upon Tyne, England, NE6 2HL
Our data protection officer
Any information relating to an identified or identifiable individual
Special category personal data
Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sexual orientation, or details of criminal offences
PERSONAL DATA WE COLLECT ABOUT YOUThe table below sets out the personal data we will or may collect in the course of advising and/or acting for you.
Personal data we will collect
Personal data we may collect depending on why you have instructed or contacted us
Your name, address and telephone number
Information to enable us to check and verify your identity and to comply with our anti–money laundering obligations e.g. your date of birth or passport details
Your National Insurance and tax details
HOW YOUR PERSONAL DATA IS COLLECTED
We will collect most of the above information from you. The circumstances in which we may collect personal data about you include:
- when you or your organisation seek legal advice from us or use any of our online client services;
- when you correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us;
- when you or your organisation browse, complete a form or make an enquiry or otherwise interact on our website or other online platforms;
- when you or your organisation offer to provide, or provides, services to us; and
- when you attend our seminars or other events or sign up to receive personal data from us, including training.
We may also collect information:
- from publicly accessible sources e.g. Companies House or HM Land Registry;
- directly from a third party e.g.:
– credit reference agencies; and
– agencies providing online identity / money laundering checks.
- from a third party e.g.:
– consultants and other professionals we may engage in relation to your matter;
– your employer and/or trade union, professional body or pension administrators; and
– your doctors, medical and occupational health professionals;
- via our information technology (“IT”) systems e.g.:
– case management, document management and time recording systems; or
– automated monitoring of our websites and other technical systems, such as our computer networks and connections, communications and email systems.
INFORMATION ABOUT OTHER PEOPLE
Should you provide information to us about any person other than yourself, such as your employees, your suppliers, or your counterparties you must ensure that such third parties have been informed and understand how their personal data will be used and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
HOW AND WHY WE USE YOUR PERSONAL DATA
We may use your personal data only for the following purposes:
- to register you as a client of Elmwoods Law & Mediation and provide legal services to you;
- to administer our relationship with you, including processing payments, accounting, auditing, billing and taking other steps linked to the performance of our business relationship;
- to carry out background checks, where permitted;
- compliance with our legal obligations, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, which may include automated checks of personal data you provide about your identity against relevant databases);
- gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies including external audits and quality checks for Lexcel or ISO and the audit of our accounts;
- to analyse and improve our services and communications and to ensure business policies are adhered to e.g. policies covering security and internet use;
- to manage access to our premises and for security purposes;
- to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
- for credit reference checks via external credit reference agencies;
- for insurance purposes;
- to exercise or defend our legal rights, or to comply with court orders;
- for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us;
- for statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures;
- to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our, events and initiatives;
- to send you details of client surveys and marketing campaigns; and
- to collect information about your marketing preferences to personalise and improve the quality of our communications with you.
Under data protection law, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- to comply with our legal and regulatory obligations;
- because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
- where you have given consent; or
- in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
FAILURE TO PROVIDE INFORMATION
Where we are required by law to collect personal data or in order to perform a contract we have with you or process your instructions and you fail to provide such information when requested, we may be unable to process your instructions or perform the contract we have with you. If so, it may be necessary for us to cancel the contract you have with us. We will, however, notify you of this at the relevant time.
We may use your personal data to send you updates (by email, telephone or post) about legal developments that might be of interest to you and/or information about our services, including seminars or new services or products.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect.
You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences by:
- contacting us by e-mailing Angela Curran or
- using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
WHO WE SHARE YOUR PERSONAL DATA WITH
We routinely share personal data with:
- professional advisers whom we instruct on your behalf or to whom we refer you or from whom you have been referred to us e.g. counsel, medical professionals, accountants, tax advisors, agents or other experts;
- local and national law enforcement officials and the Court;
- other third parties where necessary to carry out your instructions, e.g. your mortgage provider or HM Land Registry in the case of a property transaction or Companies House;
- the Office of the Public Guardian;
- the Inland Revenue Service;
- credit reference agencies and with companies providing services for money laundering and terrorist financing checks and other fraud and crime prevention purposes;
- our insurers and brokers;
- external auditors and regulatory bodies, e.g. in relation to our ISO, Lexcel or Conveyancing Quality Scheme accreditations;
- our auditors;
- our bank; and
- external service suppliers, representatives and agents that we use to make our business more efficient including providers of IT services, PR agencies, offsite storage of computer data, maintenance of office machines, telephone and call recording services, photocopying, storage of completed files and shredding of confidential documents.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
WHERE YOUR PERSONAL DATA IS HELD
Information may be held at our offices, with third party agencies or with service providers as described above (see ‘Who we share your personal data with’).
Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: ‘Transferring your personal data out of the EEA’.
HOW LONG YOUR PERSONAL DATA WILL BE KEPT
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:
- to respond to any questions, complaints or claims made by you or on your behalf;
- to show that we treated you fairly; and/or
- for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact Angela Curran
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
TRANSFERRING YOUR PERSONAL DATA OUT OF THE EEA
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA) e.g.:
- with service providers or advisers located outside the EEA;
- if you are based outside the EEA; or
- where there is an international dimension to the matter in which we are advising you.
These transfers are subject to special rules under European and UK data protection law.
Generally, these non-EEA countries do not have the same data protection laws as the United Kingdom and the EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses or if the recipient is part of the “Privacy Shield” which requires them to provide similar protection to personal data shared between the Europe and the US.
If you would like further information please contact our Data Protection Officer (see ‘How to contact us’ below).
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
To be forgotten
The right to require us to delete your personal data—in certain situations
Restriction of processing
The right to require us to restrict processing of your personal data—in certain circumstances e.g. if you contest the accuracy of the data
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party
The right to object: — at any time to your personal data being processed for direct marketing; — in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests.
If you would like to exercise any of those rights, please:
- email, call or write to our Data Protection Officer—see below: ‘How to contact us’; and
- let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
RIGHT TO WITHDRAW CONSENT
If you have provided your consent to the processing of your personal data, you have the right to withdraw your consent. If you wish to do so, please contact us or “unsubscribe” to any marketing e-mail we send to you, where relevant.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
KEEPING YOUR PERSONAL DATA SECURE
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
UPDATING YOUR PERSONAL INFORMATION
We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch. We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.
HOW TO COMPLAIN
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice was published on 18th January 2021.
We may change this privacy notice from time to time.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.