top of page

Privacy Notice

PRIVACY NOTICE

 

Please read this Privacy Notice carefully as it contains important information to help you understand how and why we process any of your personal information that is provided to us. This Privacy Notice was last updated on 29th September 2022.

 

 

Introduction

 

Stewart Begum Solicitors LTD (collectively referred to as “Stewart Begum Solicitors”, “we”, “us” or “our”) is committed to protecting the privacy and security of your personal information in accordance with our legal responsibilities under the applicable data protection laws. We are registered with the UK Information Commissioner’s Office (ICO) as a data controller under registration number ZA436907. Mark Stewart is our Data Protection Manager.

 

This Privacy Notice (“Notice”) describes how we collect and use personal information about you during and after your relationship with us, in accordance with the UK General Data Protection Regulation 2021 (“the UK GDPR 2021”). This includes whether or not you become a client of Stewart Begum Solicitors or contact us through one of our different electronic platforms. This Notice gives details of what to expect when you interact with Stewart Begum Solicitors and how and what happens if we collect personal information through these interactions.

 

It is important that you read this Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. Please note, this Notice does not form part of any contract to provide services you may have with us from time to time.

 

We reserve the right to amend this Notice at any time, if required, without notice to you so please check to ensure that you are referring to the latest copy of this Notice. We may also notify you in other ways from time to time about the processing of your personal data.

 

 

Data Controller

 

Stewart Begum Solicitors of St Clare House, 30-33 Minories, London, EC3N 1DD is a “data controller” for the purposes of the UK GDPR 2021. This means that we are responsible for deciding how we hold and use personal information about you.

 

If you have any questions about this Notice or how we handle your personal information, please contact the Data Protection Manager at the above address, or alternatively, by email at info@stewartbegum.co.uk.

 

You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

 

How we use your personal data

 

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

 

  • where we need to perform the contract we are about to enter into or have entered into with you;

  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

  • where we need to comply with a legal or regulatory obligation.

 

We may also use your personal information in the following situations, which are likely to be rare:

 

  • where we need to protect your interests (or someone else’s interests).

  • where it is needed for official purposes.

 

Generally, we do not rely on consent as a legal basis for processing your personal data and we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. If it becomes necessary to obtain your consent, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of any contract with us that you agree to any request for consent from us and you will be able to withdraw your consent at any time.

 

 

Purposes for which we will use your personal data

 

In the table below we have set out a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity
(b) Contact

Performance of a contract with you

To process and deliver services including:


(a) Manage payments, fees and charges
(b) Collect and recover money owed to us

(a) Identity
(b) Contact
(c) Financial
(d) Transaction
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:


(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey

(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To enable you to partake a survey

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

(a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical

Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical
(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

 

 

Visitors to our website

 

Any data that you submit using a form on our website (e.g., your name, email address) will only be held by us for the purpose for which it is needed and for the shortest amount of time required.

 

For example, if you make an enquiry that we are unable to assist you with, your contact form will be deleted. If your enquiry results in you becoming a client of the firm, then your data will be stored as part of your client record and kept in accordance with the requirements relating to client records (in respect of which you will be further advised separately on entering a retainer).

 

We do not currently have a mailing list for you to subscribe to. In any event, your data will not be disclosed to any third parties without your consent or as otherwise allowed by the relevant data protection legislation and will only be used for responding to your query (or purposes associated with that purpose).

 

 

People who make a complaint to us

 

When we receive a complaint from a person we create a file which will contain the details of the person complaining and other relevant details (including details of other people) that are relevant to the complaint. We only use this information for the purposes of investigating and responding to the complaint. We do compile and review statistics showing information about the number of complaints we receive but aside from reports that are provided to our regulators, the Legal Aid Agency or other auditors engaged in quality control of our business, none of these reports are published externally and, if they were, would not include information that would enable any individual to be identified.

 

We will keep personal information contained in complaint files in line with our retention policy for client files. This means that information relating to a complaint will be retained at least six years from closure within our case management system.

 

 

Job applicants, current workers and former workers

 

If you apply for a job with Stewart Begum Solicitors, information you provide will only be used for the purpose of processing your application. We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.

 

 

Application stage

 

We will ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and may also ask you for answers to questions relevant to the role you have applied for. Our recruitment team will have access to all of this information.

 

You will also be asked to volunteer equal opportunities information. If you chose to provide it, this information will not be made available to any staff outside of our recruitment team in a way which can identify you. Any information you provide will be used only to produce and monitor equal opportunities statistics.

 

 

Offer of a position

 

If offer you a position we may ask you for information so that we can carry out pre-commencement checks. We ask for this information as we are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.

 

You will therefore be required to provide:

 

  • Proof of your identity. You will be asked to attend our office with original documents, we will take copies;

  • Proof of your qualifications. You will be asked to attend our office with original documents, we will take copies;

  • We may contact your referees, using the details you provide in your application, directly to obtain references;

  • We may also ask you to complete a questionnaire about your health. This is to establish your fitness to work.

 

Assuming that you are able to commence work with us, we will also ask you for the following:

 

  • Bank details and other information to process salary payments and enrol you for your pension entitlements;

  • Emergency contact details so that we know who to contact in case you have an emergency at work.

 

 

Your personnel file

 

If you work for Stewart Begum Solicitors or are a consultant providing services through Stewart Begum Solicitors, your personnel records will be held on our case management system. Only senior management and HR staff have access to the HR files and they are additionally all password protected and securely held.

 

 

Pension

 

The firm has a pension plan in place that we are required to contribute to as part of the statutory requirement to auto-enrol our qualifying employees to receive their pension entitlement. We will share such data with the pension provider, from time to time, as required in order to facilitate the processing of pension payments and reports.

 

 

How long is the information retained for?

 

If you are successful at gaining a position with Stewart Begum Solicitors, the information you provide during the application process will be retained by us as part of your personnel file for the duration of your employment plus 6 years after you stop working for us.

 

If you are unsuccessful at any stage of the process, the information you have provided will be deleted from our systems within 12 months.

 

 

Internships and work experience

 

We also occasionally offer opportunities for people to work for us on a secondment basis or work experience basis. We accept applications from individuals or from other organisations who think they could benefit from their staff working with us. We might ask you to provide more information about your skills and experience or invite you to an interview.

 

If we do not have any suitable work at the time, we will let you know but we might ask you if you would like us to retain your application so that we can proactively contact you about possible opportunities in the future. If you agree, we will keep your application for 12 months.

 

If you are invited to work with us, you will be expected to adhere to a confidentiality agreement and code of conduct, which will be explained to you on induction.

 

After your internship or work experience has ended, we might ask you if you would like us to retain your information so that we can proactively contact you about possible opportunities in the future, either at Stewart Begum Solicitors or at other firms that we know may be recruiting for positions that you might be interested in. If you agreed, we will keep your information for a further 12 months.

 

 

How we share your information

 

Where necessary or required we share information with:

 

  • Regulatory authorities to comply with our legal obligations;

  • Insurers for the purpose of providing you with appropriate financial cover for an identified insurable risk, or in connection with any claim made by you against us;

  • Other government departments such as HMRC, Companies House, Probate Registry, Court of Protection or HM Land Registry to fulfil your and our legal obligations;

  • Experts and advocates instructed to work on your matter;

  • Our auditors and external assessment bodies to achieve and maintain any regulatory or quality assurance standards and accreditations which meet our legal and contractual obligations and enable us to provide quality legal services to you.

 

 

Transfers of data outside the UK

 

We may also be required to transfer your personal data outside the UK. The UK General Data Protection Regulation 2021 together with the Data Protection Act 2018 regulate the processing of personal data in the UK, following its departure from the EU. The EU General Data Protection Regulation 2018 continues to regulate the processing of personal data in the EU/EEA and in respect of other states and countries having a judgment of adequacy from the EU.

 

The EU GDPR 2018 restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the EU GDPR 2018 is not undermined. We transfer personal data originating in one country across borders when we transmit, send, view or access that data in or to a different country. We may transfer personal data outside the EEA if one of the following conditions applies:

 

  • the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms;

  • appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism;

  • you have provided explicit consent to the proposed transfer after being informed of any potential risks; or

  • the transfer is necessary for one of the other reasons set out in the EU GDPR 2018 including the performance of your contract with us, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.

 

If you have any questions about the transfer of data outside the EEA, please contact us for further information.

 

 

Our website

 

Third-party links

 

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

 

 

Cookies

 

Our website uses cookies, as almost all websites do, to help provide you with the best experience we can. When someone visits www.stewartbegum.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information does not make, and does not allow Google to make, any attempt to find out the identities of those visiting the website. We will only collect personal data through our website in a clear and obvious way, for example through contact forms or payment pages.

 

We publish the website through a third party platform, WordPress.com. These sites are hosted at WordPress.com, which is run by Automattic Inc. There is a built in service within the platform which also collects anonymous information about users’ activity on the site, for example the number of users viewing pages on the site and to monitor and report on the effectiveness of the site.

 

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

 

 

How long do we retain your personal information?

 

We will retain your personal information in accordance with the applicable laws.  We will take reasonable steps to destroy or anonymise personal information we no longer need for the purposes we have set out above. Our retention periods are set out in the table below.

 

Type of personal Information

Retention Period

General personal data which includes your normal personal data, personal identity and personal financial data.

6 years after the end of our business relationship with you (12 months in respect of prospective applications or matters that do not proceed), or the end of your matter which ever comes later.

Client due diligence material which includes copies of your passport, driver’s license, bank statements and any associated documents and explanations you have given to us to prevent fraud, financial crime and money laundering.

6 years after the end of our business relationship with you (12 months in respect of prospective applications or matters that do not proceed), or the end of your matter which ever comes later.

Special categories of personal data.

6 years after the end of our business relationship with you (12 months in respect of prospective applications or matters that do not proceed), or the end of your matter which ever comes later.

Call recordings.

12 months.

 

 

Your rights

 

You have a right to access the personal data we hold about you. You may ask us to rectify or erase the personal data we hold about you or to restrict the processing we carry out. You can also object to the way we are processing your personal data or request that we transfer it to a third party. You have the right to:

 

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

 

  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

 

  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

 

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

 

  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

 

  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

 

  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

 

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing at Data Protection Manager, Stewart begum Solicitors, St Clare House, London, EC3N 1DD or alternatively, by email at info@stewartbegum.co.uk.

 

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

 

For a full list of your rights and how these may be exercised please visit www.ico.org.uk.

bottom of page