Privacy Statement

1. INTRODUCTION AND DEFINITIONS

Stephens Wilmot Ltd (“we“, “our” and “us“) is committed to protecting and respecting your privacy.
This notice, and any other documents referred to below, sets out the basis on which any personal data, which we collect about you, that you provide to us or that we have received from a third-party source, will be processed by us.

If you have questions about correcting or deleting your personal data please refer to section 7 (Your
rights) below.

References in this notice to “data protection law” mean the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.

References in this notice to “sensitive personal data” and “personal information” shall have the same meaning as “special categories of data” and “personal data“, respectively, under data protection law. References to “information” shall also include “sensitive personal data“, where applicable.

2. OUR DETAILS

The data controller with conduct of your personal information is Stephens Wilmot Ltd of Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool NP4 0HZ.

Our data protection officer is Daniel Wilmot, who can be contacted:

by email to [email protected]; or
by post to The Data Protection Officer, Stephens Wilmot Ltd, Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool NP4 0HZ.

3. HOW WE USE YOUR INFORMATION

This part of the notice explains what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.

We process information for different categories of people in different ways. For that reason, we have separated this part of the notice into different sections – one for each category of people. Please read each section which applies to you, as you may fall within more than one category. Once you have finished reading each section which applies to you, please resume reading from section 4 (Anti-money laundering procedures) onwards as this information applies to all categories of people.

SECTION A – Visitors to our website;
SECTION B – Prospective clients;
SECTION C – Clients (including former clients);
SECTION D – Suppliers, contractors and their employees and representatives; and
SECTION E – All other people, including counterparties in legal disputes, referrers, potential referrers and business contacts.

SECTION A VISITORS TO OUR WEBSITE

This section applies to you if you visit our website.

Third party websites

Our website may, from time to time, contain links to and from third party websites, including social media sites. If you follow a link to any of these websites, please note that these sites have their own privacy notices and that we do not accept any responsibility or liability for those notices. Please check their privacy notice before you submit any personal data to those websites.

What information do you process and for what purpose?

We process information which you submit to us through our website, including our contact forms and blog comments section. This can include your name, email address, telephone number and, depending on the nature of your enquiry, personal information about you. If you make an enquiry with us and provide us with sensitive personal information then we will process that information in a similar way, taking into account the heightened importance of maintaining the privacy and security of such information.

Through our website, we also collect non-personal identifying information about you. This includes technical information, such as your IP address, your login information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages. For further details on how we use cookies, please see section 8 (Cookies) below.

We use this information to:

pass the details of your enquiry to an appropriate person within the business;
contact you and respond to your enquiry or comment;
publish your blog comment on our website;
conduct administrative or operational processes within our business, including keeping a record of enquiries made, the nature of those enquiries and the outcome of said enquiries;
analyse the operation and use of our website;
where you have opted to receive the same, send you marketing information, including invitations to events which we think would be of interest to you; and
administer any dispute or potential dispute which may arise between us

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

where you have consented to us processing your information for marketing purposes, having given opt-in consent to us adding your information to our marketing database and to sending you marketing communications about our products, services and events which we think will be of interest to you, then our legal ground is that you have consented;
where you have provided us with sensitive personal information, then our legal ground is that you have consented to us processing that information;
where you are contacting us to engage our services, we process information because the processing is necessary for us taking pre-contractual steps in respect of your enquiry
where applicable, we process information on the ground that it is necessary for achieving our legitimate interests of keeping a record of incoming enquiries, the nature of those enquiries and the person who made them for administrative purposes, ensuring that your enquiry is dealt with by the appropriate department, including handling any complaint you make or dispute which may arise between us, publishing blog comments and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes; and
we also process information on the ground that the processing is necessary for us to comply with our legal obligations such as, but not limited to, the prevention of fraud, detection and/or prevention of crime.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

For visitors of our website, we typically retain your information for the following periods of time:

for an enquiry which does not result in you (or the organisation you work for or represent) becoming a client or supplier of ours, deletion from the back-end of the website within one month from the date of your enquiry. Hard copy notes retained by the solicitors may be kept for longer;
for occasions when you make an enquiry and you (or the organisation you work for or represent) subsequently become a client of ours, your information will be retained in accordance with our practices for existing clients contained in section C (Current clients) below;
for occasions where you (or the organisation you work for or represent) are a supplier and a contract is entered into with this firm, your information will be retained in accordance with our practices for suppliers contained in section E (Suppliers, contractors and their employees and representatives) below; and
for blog comments, these are currently not deleted, but this is under review. If you ask us to remove your comment, we will consider your request.

Upon expiry of the applicable retention period we will either:

securely destroy your personal data in accordance with applicable laws and regulations; or
anonymise your personal data so that you can no longer be identified from it. In these circumstances, we retain the information indefinitely.

Who is my information shared with and for what purpose?

Your personal information is not shared with anyone except where we are required to do so to process your enquiry, to comply with the law, to protect our rights or to update or maintain our website or IT systems.

In order to achieve these purposes, we will share your data with the following people or groups of people:

certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
our professional advisers, including our auditors (details for which can be found in our accounts) and external legal advisers. These third parties are subject to professional duties of confidentiality. They also operate their own Privacy Notices, which are available from their respective websites;
regulatory and government bodies, where we have a legal obligation to do so; and
any other person who you instruct us to share your personal information with or with whom we may reasonably be expected to share it with in order to deal with your enquiry.

Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the recipient agreeing to the European Commission standard contractual clauses. For more information, please contact us using the details set out in section 12 (Contact) below.

SECTION B PROSPECTIVE CLIENTS

This section applies to you if you have made an enquiry about our services and/or have begun the process of instructing us to advise you.

Once you become a client of ours then Section C (Clients) will also apply to you.

What information do you process and for what purpose?

We process information which you provide to us, which we receive from third parties or which we obtain from third party sources. If you are an employee, officer or other representative of a company or body which is not an individual and that company or body is to be our client, the below personal information will relate to you and, in some circumstances, your colleagues or fellow officers or representatives.

The information you provide to us can include your name, job title, place of employment, contact address, home address, telephone number and email address. Where we obtain photographic identification from you for the purpose of verifying your identity in accordance with our anti-money laundering procedures (please see section 4 (Anti-money laundering procedures) below for further information) then, depending on the form of ID you provide to us, we will also store information relating to your date and place of birth, photograph, nationality and confirmation of your sex.

Depending on the nature of your enquiry, we may also process sensitive personal information about you which could include your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, (in rare circumstances) genetic data, information concerning health, your sex life or sexual orientation. We may also process information about your personal finances.

In limited circumstances, we may also process information about criminal convictions you may have.

We may receive similar categories of information about you from third parties, such as other professional advisers that act for you, the courts, or from other legal professionals.

We also process information received from third party sources, including where we conduct electronic ID verification checks in accordance with our anti-money laundering procedures outlined at section 4 (Anti-money laundering procedures) below. These include credit reference agencies for businesses, where results may include information about named individuals, and results of our searches of court records and publicly accessible information (such as a company officer’s information obtained through Companies House).

We use this information to:

pass your information and details of your enquiry to an appropriate person within the firm;
contact you and respond to your enquiry, including providing you with a fee and time estimate for our services;
to conduct our anti-money laundering procedures set out in section 4 (Anti-money laundering procedures) below and to otherwise take steps to open your (or the intended client’s) matter on our systems;
conduct administrative or operational processes within our firm, including keeping a record of enquiries made, the nature of those enquiries and the outcome of said enquiries;
to send you marketing information about our services which we think will be of interest to you, including inviting you to Paris Smith events unless you indicate you do not wish to receive these types of communications; and
to administer any dispute or potential dispute which may arise between us.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

the processing is necessary for the performance of the contract between you (or the organisation you work for or represent) and us. This includes where you have instructed us to take some pre-contractual steps (such as providing you with a costs and time estimate for us to provide our services) prior to us formalising the contract;
we are entitled to process your sensitive personal information where you have manifestly made it public knowledge;
where we otherwise process your sensitive personal information, including information about your criminal convictions, the processing is necessary for:
- the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings);
- is necessary for the purpose of obtaining legal advice; or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights;
where you have given opt-in consent to us adding your information to our marketing database and to sending you marketing communications, because you have consented to us processing your information for marketing purposes;
the processing is necessary for achieving our legitimate interests of:
- keeping a record of incoming enquiries, the nature of those enquiries and the person who made them for administrative purposes, including handling any complaint you make or dispute which may arise between us;
- where we are relying on the soft opt-in under the Privacy and Electronic Communications Regulations in order to send you marketing communications, or those regulations do not otherwise apply, because we have a legitimate interest in keeping you up to date with our services and events; and in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes;
- the processing is necessary for us to comply with our legal and regulatory obligations, this includes but is not limited to the prevention and detection of fraud; and
- where we conduct checks in accordance with our anti-money laundering procedures, these are based on the legal grounds identified in section 4 (Anti-money laundering procedures) below.

How long do you keep my information for?

For prospective clients, we typically retain your information for the following periods of time:

for an enquiry which does not result in you becoming a client of ours, 18 months from the date of your enquiry; and
for occasions when you make an enquiry and you subsequently become a client of ours, your information will be retained in accordance with our practices for existing clients set out in section C (Current Clients) below.

Upon expiry of the applicable retention period (but subject to any ongoing legal obligations under which we may have to keep your information for a longer period), we will:

take appropriate steps to return any original documentation submitted by you to us containing your personal information to you; and/or
anonymise your personal information on our systems so that you can no longer be identified from it; and/or
securely destroy your personal information.

Who is my information shared with and for what purpose?

In order to achieve these purposes, we will share your data with the following people or groups of people:

certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
the persons identified in section 4 (Anti-money laundering procedures), below;
our professional advisers, including our auditors (details for which can be found in our accounts) and external legal advisers. These third parties are subject to professional duties of confidentiality. They also operate their own Privacy Notices, which are available from their respective websites;
regulatory and government bodies, where we have a legal obligation to do so; and
any other person who you instruct us to share your personal information with or with whom we may reasonably be expected to share it with in order to deal with your enquiry.

SECTION C CLIENTS

This section applies to you if you are personally a client of ours and/or if you are an employee, officer or representative of an organisation which is a client of ours. It also applies to former clients and their employees, officers and representatives.

What information do you process and for what purpose?

The information you provide to us can include your name, job title, place of employment, contact address, home address, telephone number and email address. In certain circumstances we may additionally need to confirm your place of birth and national insurance number (or local equivalent). Where we obtain photographic identification from you for the purpose of verifying your identity in accordance with our anti-money laundering procedures (please see section 4 (Anti-money laundering procedures) below for further information) then, depending on the form of ID you provide to us, we will also store information relating to your date and place of birth, photograph, nationality and confirmation of your sex.

Depending on the nature of your enquiry, we may also process sensitive personal information about you which could include your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, (in rare circumstances) genetic data, information concerning health, your sex life or sexual orientation and other personal information relevant to the matter that you have instructed us on.

If we administer an oath or statutory declaration for you by video call then we will record the audio and video of that call.

In limited circumstances, we may also process information about criminal convictions you may have.

We may receive similar categories of information about you from third parties, such as other professional advisers that act for you, the courts, or from other legal professionals.

We also process information received from third party sources, including where we conduct electronic ID verification checks in accordance with our anti-money laundering procedures outlined at section 4 (Anti-money laundering procedures) below. These include credit reference agencies for businesses, where results may include information about named individuals, and results of our searches of court records and publicly accessible information (such as a company’s officer’s information obtained through Companies House).

We use this information to:

advise you in accordance with the contract for legal services entered into between you (or the organisation you work for or represent) and us and to comply with your lawful instructions under said contract;
from time to time conduct our anti-money laundering procedures set out in section 4 (Anti-money laundering procedures) below;
conduct administrative or operational processes within our business, including keeping a record of current and closed matters, bills raised and records of communications between us and our clients;
send you marketing information about our services which we think will be of interest to you, unless you indicate you do not wish to receive these types of communications;
send you questionnaires about the service you have received from us and to process your responses;
otherwise comply with our legal record keeping obligations; and
administer any dispute or potential dispute which may arise between us.

What are your legal grounds for processing my information?

We process your information on one or more of the following legal grounds:

the processing is necessary for the performance of the contract for legal services entered into between you as an individual and us. This includes where you have instructed us to take pre-contractual steps (such as providing you with a costs and time estimate for us to provide our services) prior to us formalising the contract;
we are entitled to process your sensitive personal information where you have manifestly made it public knowledge;
where we otherwise process your sensitive personal information, including information about your criminal convictions, the processing is necessary for:
- the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings);
- is necessary for the purpose of obtaining legal advice; or
- is otherwise necessary for the purposes of establishing, exercising or defending legal rights;
where you have given opt-in consent to us adding your information to our marketing database and to sending you marketing communications, because you have consented to us processing your information for marketing purposes;
the processing is necessary for achieving our legitimate interests of:
performance of the contract for legal services entered into between the organisation that you work for or represent and us. This includes where you have instructed us to take pre-contractual steps (such as providing you with a costs and time estimate to for us to provide our services) prior to us formalising the contract;
keeping a record of incoming enquiries, the nature of those enquiries and the person who made them for administrative purposes, including handling any complaint you make or dispute which may arise between us;
monitoring client satisfaction, including sending you a client satisfaction survey and asking you for testimonials for our marketing purposes;
making submissions to legal directories (such as The Legal 500 and Chambers and Partners) to promote the breadth and quality of work we do; and
where we are relying on the soft opt-in under the Privacy and Electronic Communications Regulations in order to send you marketing communications, or those regulations do not otherwise apply, because we have a legitimate interest in keeping you up to date with our services and events, and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes;
the processing is necessary for us to comply with our legal and regulatory obligations, this includes but is not limited to the detection and prevention of fraud and crime; and
where we conduct checks in accordance with our anti-money laundering procedures, these are based on the legal grounds identified in section 4 (Anti-money laundering procedures) below.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

In most cases we will retain a record of your personal information for 15 years from the date of closure of your file, at which point the contents of the file are destroyed.

Unless a longer retention period applies, if a matter concerns a child then we will keep the file for eight years following the eighteenth birthday of the child (or the youngest child if the matter concerns more than one).

Different retention periods apply to wills matters and matters concerning the administration of estates.

If you are raising a complaint with the firm, the retention period of the complaint file is 15 years.

These retention periods are given as a general guide and may vary depending on the nature of your matter and the forms of documentation in which your personal information is recorded.

Upon expiry of the applicable retention period and subject to any ongoing legal obligations we may have to keep your information for a longer period, we will:

take appropriate steps to return documentation containing your personal information to you;
anonymise your personal information on our systems so that you can no longer be identified from it; and/or
securely destroy your personal information.

Who is my information shared with and for what purpose?

Over the course of our instruction, your personal information may legitimately be shared with a number of third parties. We only share your information insofar as is necessary to comply with your lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.

In order to achieve these purposes, we will share your data with the following people or groups of people:

certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
in litigation, to the Court, which is subject to its own statutory duty to maintain the confidentiality and security of your personal information;
if you ask us to instruct counsel (including foreign counsel), mediators or other third party professional service providers on your behalf, or you instruct us to take pre-contractual steps (such as obtaining fee estimates) from them, then we will share your information with such persons and organisations as is necessary to comply with your instructions;
the persons identified in section 4 (Anti-money laundering procedures), below;
regulatory and government bodies, where we have a legal obligation to do so (including but not limited to Lexcel and the Law Society’s Conveyancing Quality Scheme (CQS);
our professional advisers, including our auditors (details for which can be found in our accounts) and external legal advisers. These third parties are subject to professional duties of confidentiality. They also operate their own Privacy Notices, which are available from their respective websites;
if you are raising a complaint with the firm, the complaint will be shared with our insurers and insurance brokers, the legal ombudsman and (in anonymised form) the SRA;
legal directories (such as The Legal 500 and Chambers and Partners), who are subject to strict obligations of confidentiality unless we have received your permission for your information to be published;
where you have given us permission to use any comments for testimonial and marketing purposes, your name and job title may be shared on our website and other marketing material; and
any other person who you instruct us to share your personal information with or with whom we may reasonably be expected to share it with in order to deal with your enquiry.

SECTION D SUPPLIERS, CONTRACTORS AND THEIR EMPLOYEES / REPRESENTATIVES

This section applies to you if you are a supplier or contractor of ours, or you work for or represent a supplier or contractor of ours. For this purpose, ‘suppliers’ and ‘contractors’ include ‘potential suppliers’ and ‘potential contractors’, i.e. where communications are sent between us with a view to establishing a supplier or contractor relationship.

What information do you process and for what purpose?

If you are a sole trader or partner in a legal partnership then we may receive personal information from you directly or from an employee or representative of your business. If you are a contact for an organisation then we may receive your contact details from you directly, from another employee or representative of the organisation. In some circumstances, we may also be provided your information by a third party, for example where they refer you to us.

We will typically process the following personal information about you: your name, email address, telephone number, contact address, job description or specialism and details of your employer or the organisation you represent. If you are a sole trader or a partner in a legal partnership then you may be personally identifiable from your business’ banking information provided to us.

We use this information to:

discuss with you the products or services you or your organisation offer, including taking pre-contractual steps such as obtaining a price quote and responding to your enquiries;
perform the contract between you, or your organisation, and us;
manage the account we hold with you or your organisation;
comply with our internal record keeping and audit procedures; and
administer a dispute or potential dispute arising between us.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

the processing is necessary for the performance of the contract between you (if you are a private individual) and us. This includes where we have instructed you to take some precontractual steps prior to us formalising the contract; and
the processing is necessary for achieving our legitimate interests of:
- the performance of the contract between the organisation that you work for or represent and us. This includes where we have instructed you to take some precontractual steps prior to us formalising the contract;
- keeping a record of suppliers and contractors as well as their contacts, should we wish to make use of your services in the future (whether by way of new or repeat business); and
- keeping accurate records of the contractual terms we have agreed and who they were agreed with, should a dispute ever arise between you, or the organisation you work for or represent, and us, and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes.

How long do you keep my information for?

We typically keep your information for the following periods:

if you make an enquiry with us, or vice versa, but you (or your organisation) do not subsequently become a supplier or contractor of ours, then we keep your information for 18 months from the date of our discussions ending (or if we did not reply, the date of your enquiry);
if you respond to a tender process with us, or vice versa, but the tender application is unsuccessful, then we keep your information until the conclusion of any subsequent tender process;
if a contract was entered into between you, or your organisation, and us, 8 years from the date that contract ended unless the retention of your personal information is not necessary for our purposes set out above in which case we will confidentially destroy your information unless we have another lawful justification for retaining it.

These periods may be extended if, for example, a legal dispute between you, or your organisation, and us arises or where we consider there is a reasonable business needs (our legitimate interest) to keep your information which is not overridden by your rights and freedoms as a data subject.

Who is my information shared with and for what purpose?

We only share your information insofar as is necessary to comply with your lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.

In order to achieve these purposes, we will share your data with the groups of people:

certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
our professional advisers, including our auditors (details for which can be found in our accounts) and external legal advisers. These third parties are subject to professional duties of confidentiality. They also operate their own Privacy Notices, which are available from their respective websites;
regulatory and government bodies, where we have a legal obligation to do so; and
any other person who you instruct us to share your personal information with.

SECTION E ALL OTHER PEOPLE, INCLUDING COUNTERPARTIES IN LEGAL DISPUTES, REFERRERS, POTENTIAL REFERRERS AND BUSINESS CONTACTS

For any other person for whom we process personal data, such processing is carried out only insofar as is necessary for us to provide our services, administer our business or comply with our legal obligations.

If you are a counterparty in a legal claim or dispute then we will typically receive personal information about you from your legal representation or from you directly.

What information do you process and for what purpose?

In all cases, we may receive information including your name, address, date of birth and email address. Depending on the circumstances, we may receive significantly more categories of information than this.

If you are a beneficiary of a trust we are settling or administering then in certain circumstances we will require you to confirm your name, address, date and country of birth, country of residence and national insurance number (or local equivalent). This is because we have a legal obligation to keep a record of this information. Additionally, in certain circumstances we may be required to share certain information about you with HMRC for tax reasons. This information would include your full name, date of birth, national insurance number, telephone number and email address. We will inform you where this is the case.

If you are asked to introduce a client to us by video call in order for us to administer their oath or statutory declaration remotely then we will make a recording of the audio and video from that call.

If you are a counterparty in a legal dispute then we may make enquiries about your finances as part of advising our client on their claim, or potential claim, against you. This may involve contacting other creditors to establish your total liability and carrying out searches of public registers, for example to see if you have a county court judgement registered against you or if your property has a charge registered against it.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

processing is necessary for us to comply with our legal obligations, including under the Common Reporting Standard (CRS) where we are instructed in respect to trusts; and
the processing is necessary for achieving our legitimate interests of:
- the performance of the contract between the firm and our client, our employees, our suppliers and other third parties. This includes where we are instructed to take some pre-contractual steps prior to us formalising the contract;
- keeping a record of suppliers and contractors as well as their contacts; and
- keeping accurate records of the contractual terms we have agreed and who they were agreed with, should a dispute ever arise between you, or the organisation you work for or represent, and us,and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes.

How long do you keep my information for?

We typically keep this sort of information for a period of 8 years after the conclusion of the relationship under which your information was given to us. If we received your information in the course of us providing legal services to one of our clients then the retention period will typically end 8 years from the date we close that client file. Our retention periods may be extended if, for example, a legal dispute between you, or your organisation, and us arises.

For video call footage relating to the remote administration of oaths and statutory declarations, we will typically keep the footage for 15 years from the date our matter file is closed.

Who is my information shared with and for what purpose?

We only share your information insofar as is necessary to comply with our lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.

In order to achieve these purposes, we will share your data with the groups of people:

certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
our professional advisers, including our auditors (details for which can be found in our accounts) and external legal advisers. These third parties are subject to professional duties of confidentiality. They also operate their own Privacy Notices, which are available from their respective websites;
regulatory and government bodies, where we have a legal obligation to do so; and
any other person who you instruct us to share your personal information with.

4. ANTI-MONEY LAUNDERING PROCEDURES

We have a legal obligation to comply with anti-money laundering laws and regulations. Broadly, money laundering can arise if a person acquires, retains, transfers, uses or controls the proceeds of a crime for the benefit of a criminal activity. In this section, references to money laundering include references to similar financial offences committed in relation to terrorism.

In order to fulfil our legal obligations, we must verify the identity of new clients, and in certain circumstances existing clients. Additionally, from time to time our internal procedures may also require us to conduct background checks on new and existing clients.

This means that, if you are an individual client or prospective individual client of ours then we will need to verify your identity using a secure and confidential ID checking service operated by an external service provider. For individual clients, these identity and background checks may require us to take a copy of your photographic identification and a recent utility bill.

For clients or prospective client which are not individuals, such as companies, we may need to verify the identity of directors, other officers, shareholders, beneficial owners and instructing employees or representatives of the organisation. The checks conducted on these persons are broadly the same as those we conduct on individual clients. We will therefore typically require a copy of the person’s photographic identification and a recent utility bill in order to complete the verification process. In the case of organisations having a different corporate structure, equivalent requirements will apply and we will notify you of these where applicable.

For both individuals and corporate clients (including prospective clients) we may require evidence of source of funds at the outset of our instruction and possibly from time to time throughout our relationship. We may request and/or obtain this information from third party sources. The sources for such verification may comprise documentation which we request from the client (or prospective client) and/or through the use of online sources.

In some circumstances we may decline to, or may not be permitted to, proceed to act until such procedures have been completed. In other circumstances we may agree to commence acting whilst these procedures are carried out. We reserve the right to decline to act or, if appropriate, cease to act should these procedures not be completed to our satisfaction. We may also be required to make detailed enquiries of any unusual transactions such as the transfer of large amounts of cash and such enquiries may result in us processing additional personal information. Grounds for processing your data for anti-money laundering purposes.

Grounds for processing your data for anti-money laundering purposes

We process your information in the manner set out above on the following legal grounds:

processing is necessary for the performance of a contract between you (as a private individual) and us, including where processing is necessary for us to take pre-contractual steps. This will be the case where we are legally prevented from acting for you until the relevant checks and procedures have been completed;
where we have a contractual relationship with the organisation you work for or represent, because we have a legitimate interest to process your information to ensure that we are not involved in or otherwise facilitate money laundering activity and such interests do not outweigh your rights and freedoms as a data subject;
processing is necessary for our compliance with our legal obligations under anti-money laundering laws and regulations; and
should the processing we conduct in line with our anti-money laundering procedures exceed the minimum level of processing required by the relevant law and regulations, because we have a legitimate business interest in taking additional precautions to ensure that we are not involved in or otherwise facilitate money laundering activity. In accordance with data protection law, we have considered your fundamental rights and interests as a data subject and are satisfied that our processing is lawfully justified.

Disclosure of your information to third parties for anti-money laundering purposes

For the purposes of carrying out our electronic ID checks, we may share your information with our external ID check providers. Such providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times.

In certain circumstances, we may process your personal information without further notification to you. This applies, for example, where we make a report in good faith under the Terrorism Act 2000 or Proceeds of Crime Act 2002. Such processing is justified under data protection law on the basis that it is in the substantial public interest.

Retention of personal data for anti-money laundering purposes

We are legally obliged to retain your personal information for anti-money laundering purposes for 5 years from the end of the business relationship or transaction between us. Please refer to our retention periods set out in the appropriate Sections above.

5. AUTOMATED DECISION MAKING
We do not make automated decisions about you based on your information. Should this change then we will let you know.

6. CALL RECORDING

Occasionally we may need to record a telephone call we have with you. This may be in order to collect evidence, to protect our staff or otherwise to create a record of what is being said. We will inform you of our intention to record the call before we start recording. We process your personal information comprised in that call recording on the basis that we have a legitimate interest in doing so. Once recorded, your personal information will otherwise be processed in accordance with one or more of the preceding sections A to E, depending on our relationship with you.

7. YOUR RIGHTS

Under data protection law you have the following rights:

the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for. This information is set out in this privacy notice. Please note that, as set out in the above section 4 (Anti-money laundering procedures), in certain circumstances we are legally obliged not to disclose certain processing information to you. If you have any questions then please contact our Data Protection Officer using the details set out at section 12 (Contact) below;
if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Depending on the context of our processing, consent can be withdrawn by:
- notifying us using the information set out at section 12 (Contact) below;
- clicking the opt-out/unsubscribe link in our email marketing communications; or
- speaking to the lawyer who is working on your matter

please note that the lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent. Furthermore, we may have a legal obligation or right to retain your information on our files notwithstanding that you have withdrawn your consent to our processing. Should this be the case, we will notify you around the time we acknowledge your withdrawal of consent;

the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 9 (Access to information), below;
the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by leaving unticked certain boxes on the forms we use to collect your data or by contacting us using the details set out in section 12 (Contact) below;
the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
the right to object to us processing your personal information in certain other situations;
the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate;
the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law;
enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and
in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 9 (Access to information), below.

For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).

If you wish to complain about how we have handled your personal information then you have the general right to complain to us (in the first instance) and, if you are not satisfied by our response and depending on the nature of the complaint, to the Information Commissioner’s Office and/or the Legal Ombudsman (in the second instance). Our contact details are set out in section 12 (Contact) below and full details of our complaints procedure are available on request.

8. COOKIES

To make our website simpler, small data files are placed on your computer. These are known as cookies. Most big websites do this too.

They improve things by:

remembering settings, so you don’t have to keep re-entering them whenever you visit a new page;
remembering information you’ve given (e.g. your postcode) so you don’t need to keep entering it;
measuring how you use the website so we can make sure it meets your needs.

Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. Indeed, you can manage and/or delete these small files as you wish.

You can opt out of Google Analytics cookies for all sites.

To learn more about cookies and how to manage them, visit AboutCookies.org.

First Party Cookies

These are cookies that are set by our website directly.

We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not use cookies to collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

There are also cookies that store basic data on your interactions with WordPress, the CMS running our website.

Third Party Cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by Twitter, Facebook and Google+. If you want to prevent sites setting third party cookies, instructions to do so are here.

Log Files

Log files allow us to record visitors’ use of the site. These logs are automatically generated from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you.

9. ACCESS TO INFORMATION

Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You may need to send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. Requests should be sent to your usual point of contact and copied to our Data Protection Officer by email to [email protected] or by post to The Data Protection Officer, Stephens Wilmot Ltd, Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool NP4 0HZ.

We will initially respond to you to confirm the timeframe that is applicable to your request.

If you are requesting copies of documents you already possess, we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.

In certain circumstances, you may be entitled to receive the information in a structured, commonly used and machine readable form.

10. DATA SECURITY

We have various IT and Security policies in place and we will always store your digital information on secure servers which are based in the UK or a country which the EU has deemed to have adequate security measures in place. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

11. CHANGES TO OUR PRIVACY NOTICE

This notice was last updated on 15th January 2021. Any material changes we may make to our privacy notice in the future will be posted on this page. Where we hold your contract information, material changes to how we collect or use your personal information will be notified to you directly.

12. CONTACT

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to The Data Protection Officer, Stephens Wilmot Ltd, Mamhilad House, Mamhilad Park Estate, Mamhilad, Pontypool NP4 0HZ Wales or [email protected]