1. INTRODUCTION AND DEFINITIONS
Stephens Wilmot Ltd (“we“, “our” and “us“) is committed to protecting and respecting your privacy.
This notice, and any other documents referred to below, sets out the basis on which any personal data, which we collect about you, that you provide to us or that we have received from a third-party source, will be processed by us.
If you have questions about correcting or deleting your personal data please refer to section 7 (Your
rights) below.
References in this notice to “data protection law” mean the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.
References in this notice to “sensitive personal data” and “personal information” shall have the same meaning as “special categories of data” and “personal data“, respectively, under data protection law. References to “information” shall also include “sensitive personal data“, where applicable.
2. OUR DETAILS
The data controller with conduct of your personal information is Stephens Wilmot Ltd of Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool NP4 0HZ.
Our data protection officer is Daniel Wilmot, who can be contacted:
3. HOW WE USE YOUR INFORMATION
This part of the notice explains what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.
We process information for different categories of people in different ways. For that reason, we have separated this part of the notice into different sections – one for each category of people. Please read each section which applies to you, as you may fall within more than one category. Once you have finished reading each section which applies to you, please resume reading from section 4 (Anti-money laundering procedures) onwards as this information applies to all categories of people.
SECTION A VISITORS TO OUR WEBSITE
This section applies to you if you visit our website.
Third party websites
Our website may, from time to time, contain links to and from third party websites, including social media sites. If you follow a link to any of these websites, please note that these sites have their own privacy notices and that we do not accept any responsibility or liability for those notices. Please check their privacy notice before you submit any personal data to those websites.
What information do you process and for what purpose?
We process information which you submit to us through our website, including our contact forms and blog comments section. This can include your name, email address, telephone number and, depending on the nature of your enquiry, personal information about you. If you make an enquiry with us and provide us with sensitive personal information then we will process that information in a similar way, taking into account the heightened importance of maintaining the privacy and security of such information.
Through our website, we also collect non-personal identifying information about you. This includes technical information, such as your IP address, your login information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages. For further details on how we use cookies, please see section 8 (Cookies) below.
We use this information to:
What are your legal grounds for processing my information?
We process your information on the following legal grounds:
How long do you keep my information for?
We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
For visitors of our website, we typically retain your information for the following periods of time:
Upon expiry of the applicable retention period we will either:
Who is my information shared with and for what purpose?
Your personal information is not shared with anyone except where we are required to do so to process your enquiry, to comply with the law, to protect our rights or to update or maintain our website or IT systems.
In order to achieve these purposes, we will share your data with the following people or groups of people:
Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient agreeing to the European Commission standard contractual clauses. For more information, please contact us using the details set out in section 12 (Contact) below.
SECTION B PROSPECTIVE CLIENTS
This section applies to you if you have made an enquiry about our services and/or have begun the process of instructing us to advise you.
Once you become a client of ours then Section C (Clients) will also apply to you.
What information do you process and for what purpose?
We process information which you provide to us, which we receive from third parties or which we obtain from third party sources. If you are an employee, officer or other representative of a company or body which is not an individual and that company or body is to be our client, the below personal information will relate to you and, in some circumstances, your colleagues or fellow officers or representatives.
The information you provide to us can include your name, job title, place of employment, contact address, home address, telephone number and email address. Where we obtain photographic identification from you for the purpose of verifying your identity in accordance with our anti-money laundering procedures (please see section 4 (Anti-money laundering procedures) below for further information) then, depending on the form of ID you provide to us, we will also store information relating to your date and place of birth, photograph, nationality and confirmation of your sex.
Depending on the nature of your enquiry, we may also process sensitive personal information about you which could include your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, (in rare circumstances) genetic data, information concerning health, your sex life or sexual orientation. We may also process information about your personal finances.
In limited circumstances, we may also process information about criminal convictions you may have.
We may receive similar categories of information about you from third parties, such as other professional advisers that act for you, the courts, or from other legal professionals.
We also process information received from third party sources, including where we conduct electronic ID verification checks in accordance with our anti-money laundering procedures outlined at section 4 (Anti-money laundering procedures) below. These include credit reference agencies for businesses, where results may include information about named individuals, and results of our searches of court records and publicly accessible information (such as a company officer’s information obtained through Companies House).
We use this information to:
What are your legal grounds for processing my information?
We process your information on the following legal grounds:
How long do you keep my information for?
We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
For prospective clients, we typically retain your information for the following periods of time:
Upon expiry of the applicable retention period (but subject to any ongoing legal obligations under which we may have to keep your information for a longer period), we will:
Who is my information shared with and for what purpose?
Your personal information is not shared with anyone except where we are required to do so to process your enquiry, to comply with the law, to protect our rights or to update or maintain our website or IT systems.
In order to achieve these purposes, we will share your data with the following people or groups of people:
Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient agreeing to the European Commission standard contractual clauses. For more information, please contact us using the details set out in section 12 (Contact) below.
SECTION C CLIENTS
This section applies to you if you are personally a client of ours and/or if you are an employee, officer or representative of an organisation which is a client of ours. It also applies to former clients and their employees, officers and representatives.
What information do you process and for what purpose?
We process information which you provide to us, which we receive from third parties or which we obtain from third party sources. If you are an employee, officer or other representative of a company or body which is not an individual and that company or body is to be our client, the below personal information will relate to you and, in some circumstances, your colleagues or fellow officers or representatives.
The information you provide to us can include your name, job title, place of employment, contact address, home address, telephone number and email address. In certain circumstances we may additionally need to confirm your place of birth and national insurance number (or local equivalent). Where we obtain photographic identification from you for the purpose of verifying your identity in accordance with our anti-money laundering procedures (please see section 4 (Anti-money laundering procedures) below for further information) then, depending on the form of ID you provide to us, we will also store information relating to your date and place of birth, photograph, nationality and confirmation of your sex.
Depending on the nature of your enquiry, we may also process sensitive personal information about you which could include your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, (in rare circumstances) genetic data, information concerning health, your sex life or sexual orientation and other personal information relevant to the matter that you have instructed us on.
If we administer an oath or statutory declaration for you by video call then we will record the audio and video of that call.
In limited circumstances, we may also process information about criminal convictions you may have.
We may receive similar categories of information about you from third parties, such as other professional advisers that act for you, the courts, or from other legal professionals.
We also process information received from third party sources, including where we conduct electronic ID verification checks in accordance with our anti-money laundering procedures outlined at section 4 (Anti-money laundering procedures) below. These include credit reference agencies for businesses, where results may include information about named individuals, and results of our searches of court records and publicly accessible information (such as a company’s officer’s information obtained through Companies House).
We use this information to:
What are your legal grounds for processing my information?
We process your information on one or more of the following legal grounds:
How long do you keep my information for?
We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
In most cases we will retain a record of your personal information for 15 years from the date of closure of your file, at which point the contents of the file are destroyed.
Unless a longer retention period applies, if a matter concerns a child then we will keep the file for eight years following the eighteenth birthday of the child (or the youngest child if the matter concerns more than one).
Different retention periods apply to wills matters and matters concerning the administration of estates.
If you are raising a complaint with the firm, the retention period of the complaint file is 15 years.
These retention periods are given as a general guide and may vary depending on the nature of your matter and the forms of documentation in which your personal information is recorded.
Upon expiry of the applicable retention period and subject to any ongoing legal obligations we may have to keep your information for a longer period, we will:
Who is my information shared with and for what purpose?
Over the course of our instruction, your personal information may legitimately be shared with a number of third parties. We only share your information insofar as is necessary to comply with your lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.
In order to achieve these purposes, we will share your data with the following people or groups of people:
Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient agreeing to the European Commission standard contractual clauses. For more information, please contact us using the details set out in section 12 (Contact) below.
SECTION D SUPPLIERS, CONTRACTORS AND THEIR EMPLOYEES / REPRESENTATIVES
This section applies to you if you are a supplier or contractor of ours, or you work for or represent a supplier or contractor of ours. For this purpose, ‘suppliers’ and ‘contractors’ include ‘potential suppliers’ and ‘potential contractors’, i.e. where communications are sent between us with a view to establishing a supplier or contractor relationship.
What information do you process and for what purpose?
If you are a sole trader or partner in a legal partnership then we may receive personal information from you directly or from an employee or representative of your business. If you are a contact for an organisation then we may receive your contact details from you directly, from another employee or representative of the organisation. In some circumstances, we may also be provided your information by a third party, for example where they refer you to us.
We will typically process the following personal information about you: your name, email address, telephone number, contact address, job description or specialism and details of your employer or the organisation you represent. If you are a sole trader or a partner in a legal partnership then you may be personally identifiable from your business’ banking information provided to us.
We use this information to:
What are your legal grounds for processing my information?
We process your information on the following legal grounds:
How long do you keep my information for?
We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
We typically keep your information for the following periods:
These periods may be extended if, for example, a legal dispute between you, or your organisation, and us arises or where we consider there is a reasonable business needs (our legitimate interest) to keep your information which is not overridden by your rights and freedoms as a data subject.
Who is my information shared with and for what purpose?
We only share your information insofar as is necessary to comply with your lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.
In order to achieve these purposes, we will share your data with the groups of people:
Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient agreeing to the European Commission standard contractual clauses. For more information, please contact us using the details set out in section 12 (Contact) below.
SECTION E ALL OTHER PEOPLE, INCLUDING COUNTERPARTIES IN LEGAL DISPUTES, REFERRERS, POTENTIAL REFERRERS AND BUSINESS CONTACTS
For any other person for whom we process personal data, such processing is carried out only insofar as is necessary for us to provide our services, administer our business or comply with our legal obligations.
If you are a counterparty in a legal claim or dispute then we will typically receive personal information about you from your legal representation or from you directly.
What information do you process and for what purpose?
In all cases, we may receive information including your name, address, date of birth and email address. Depending on the circumstances, we may receive significantly more categories of information than this.
If you are a beneficiary of a trust we are settling or administering then in certain circumstances we will require you to confirm your name, address, date and country of birth, country of residence and national insurance number (or local equivalent). This is because we have a legal obligation to keep a record of this information. Additionally, in certain circumstances we may be required to share certain information about you with HMRC for tax reasons. This information would include your full name, date of birth, national insurance number, telephone number and email address. We will inform you where this is the case.
If you are asked to introduce a client to us by video call in order for us to administer their oath or statutory declaration remotely then we will make a recording of the audio and video from that call.
If you are a counterparty in a legal dispute then we may make enquiries about your finances as part of advising our client on their claim, or potential claim, against you. This may involve contacting other creditors to establish your total liability and carrying out searches of public registers, for example to see if you have a county court judgement registered against you or if your property has a charge registered against it.
What are your legal grounds for processing my information?
We process your information on the following legal grounds:
How long do you keep my information for?
We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.
We typically keep this sort of information for a period of 8 years after the conclusion of the relationship under which your information was given to us. If we received your information in the course of us providing legal services to one of our clients then the retention period will typically end 8 years from the date we close that client file. Our retention periods may be extended if, for example, a legal dispute between you, or your organisation, and us arises.
For video call footage relating to the remote administration of oaths and statutory declarations, we will typically keep the footage for 15 years from the date our matter file is closed.
Who is my information shared with and for what purpose?
We only share your information insofar as is necessary to comply with our lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.
In order to achieve these purposes, we will share your data with the groups of people:
Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient agreeing to the European Commission standard contractual clauses. For more information, please contact us using the details set out in section 12 (Contact) below.
4. ANTI-MONEY LAUNDERING PROCEDURES
We have a legal obligation to comply with anti-money laundering laws and regulations. Broadly, money laundering can arise if a person acquires, retains, transfers, uses or controls the proceeds of a crime for the benefit of a criminal activity. In this section, references to money laundering include references to similar financial offences committed in relation to terrorism.
In order to fulfil our legal obligations, we must verify the identity of new clients, and in certain circumstances existing clients. Additionally, from time to time our internal procedures may also require us to conduct background checks on new and existing clients.
This means that, if you are an individual client or prospective individual client of ours then we will need to verify your identity using a secure and confidential ID checking service operated by an external service provider. For individual clients, these identity and background checks may require us to take a copy of your photographic identification and a recent utility bill.
For clients or prospective client which are not individuals, such as companies, we may need to verify the identity of directors, other officers, shareholders, beneficial owners and instructing employees or representatives of the organisation. The checks conducted on these persons are broadly the same as those we conduct on individual clients. We will therefore typically require a copy of the person’s photographic identification and a recent utility bill in order to complete the verification process. In the case of organisations having a different corporate structure, equivalent requirements will apply and we will notify you of these where applicable.
For both individuals and corporate clients (including prospective clients) we may require evidence of source of funds at the outset of our instruction and possibly from time to time throughout our relationship. We may request and/or obtain this information from third party sources. The sources for such verification may comprise documentation which we request from the client (or prospective client) and/or through the use of online sources.
In some circumstances we may decline to, or may not be permitted to, proceed to act until such procedures have been completed. In other circumstances we may agree to commence acting whilst these procedures are carried out. We reserve the right to decline to act or, if appropriate, cease to act should these procedures not be completed to our satisfaction. We may also be required to make detailed enquiries of any unusual transactions such as the transfer of large amounts of cash and such enquiries may result in us processing additional personal information. Grounds for processing your data for anti-money laundering purposes.
Grounds for processing your data for anti-money laundering purposes
We process your information in the manner set out above on the following legal grounds:
Disclosure of your information to third parties for anti-money laundering purposes
For the purposes of carrying out our electronic ID checks, we may share your information with our external ID check providers. Such providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times.
Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient agreeing to the European Commission standard contractual clauses. For more information, please contact us using the details set out in section 12 (Contact) below.
In certain circumstances, we may process your personal information without further notification to you. This applies, for example, where we make a report in good faith under the Terrorism Act 2000 or Proceeds of Crime Act 2002. Such processing is justified under data protection law on the basis that it is in the substantial public interest.
Retention of personal data for anti-money laundering purposes
We are legally obliged to retain your personal information for anti-money laundering purposes for 5 years from the end of the business relationship or transaction between us. Please refer to our retention periods set out in the appropriate Sections above.
5. AUTOMATED DECISION MAKING
We do not make automated decisions about you based on your information. Should this change then we will let you know.
6. CALL RECORDING
Occasionally we may need to record a telephone call we have with you. This may be in order to collect evidence, to protect our staff or otherwise to create a record of what is being said. We will inform you of our intention to record the call before we start recording. We process your personal information comprised in that call recording on the basis that we have a legitimate interest in doing so. Once recorded, your personal information will otherwise be processed in accordance with one or more of the preceding sections A to E, depending on our relationship with you.
7. YOUR RIGHTS
Under data protection law you have the following rights:
please note that the lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent. Furthermore, we may have a legal obligation or right to retain your information on our files notwithstanding that you have withdrawn your consent to our processing. Should this be the case, we will notify you around the time we acknowledge your withdrawal of consent;
For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).
If you wish to complain about how we have handled your personal information then you have the general right to complain to us (in the first instance) and, if you are not satisfied by our response and depending on the nature of the complaint, to the Information Commissioner’s Office and/or the Legal Ombudsman (in the second instance). Our contact details are set out in section 12 (Contact) below and full details of our complaints procedure are available on request.
8. COOKIES
To make our website simpler, small data files are placed on your computer. These are known as cookies. Most big websites do this too.
They improve things by:
Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. Indeed, you can manage and/or delete these small files as you wish.
You can opt out of Google Analytics cookies for all sites.
To learn more about cookies and how to manage them, visit AboutCookies.org.
First Party Cookies
These are cookies that are set by our website directly.
We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not use cookies to collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.
There are also cookies that store basic data on your interactions with WordPress, the CMS running our website.
Third Party Cookies
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by Twitter, Facebook and Google+. If you want to prevent sites setting third party cookies, instructions to do so are here.
Log Files
Log files allow us to record visitors’ use of the site. These logs are automatically generated from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you.
9. ACCESS TO INFORMATION
Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You may need to send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to your usual point of contact and copied to our Data Protection Officer by email to [email protected] or by post to The Data Protection Officer, Stephens Wilmot Ltd, Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool NP4 0HZ.
We will initially respond to you to confirm the timeframe that is applicable to your request.
If you are requesting copies of documents you already possess, we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.
In certain circumstances, you may be entitled to receive the information in a structured, commonly used and machine readable form.
10. DATA SECURITY
We have various IT and Security policies in place and we will always store your digital information on secure servers which are based in the UK or a country which the EU has deemed to have adequate security measures in place. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
11. CHANGES TO OUR PRIVACY NOTICE
This notice was last updated on 15th January 2021. Any material changes we may make to our privacy notice in the future will be posted on this page. Where we hold your contract information, material changes to how we collect or use your personal information will be notified to you directly.
12. CONTACT
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to The Data Protection Officer, Stephens Wilmot Ltd, Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool NP4 0HZ Wales or [email protected]
Stephens Wilmot Solicitors is a trading style of Stephens Wilmot Ltd (registered in England and Wales under company registration number 10411634). Authorised and regulated by the Solicitors Regulation Authority (SRA number 635237) VAT Registration Number 305904126. Address: Stephens Wilmot Solicitors, Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool, Wales, NP4 0HZ | Tel: 01633 928282 | Email: [email protected]