Privacy Policy
Alan Simons & Company Solicitors is committed to deliver an exceptional service to our clients. This includes protecting the privacy of our clients and website visitors. We want you to know what personal data we process and why. This privacy notice contains information about what personal data we collect and store about you, how we use it, the legal basis for using it and how long we keep it. It also tells you who we share this information with, what we do to protect your data and how to get in touch with us. This privacy notice is relevant to our dealings with our clients and prospective clients, our staff, our solicitors and candidates considering a career with us.
This policy applies to all departments handling personal records containing personal data at Alan Simons & Company Solicitors.
Working with Us
We are a commercial law firm. As a client, we are at your service and have all the knowledge and experience you need to succeed. As a staff member, solicitor or supplier, we work with you to deliver services to our clients. When working with you, we will have access to and process data. We want to tell you what we have, why we have it and how long we will keep it for.
Responsibilities - Details of Data Processor/Collector
We have appointed a data protection manager ("DPM") who is responsible for overseeing questions in relation to this privacy notice. If you have any such questions, including any requests to exercise your legal rights or concerns relating to your data, please contact the DPM using the contact details provided below. You have the right to make a complaint at any time to the Information Commissioner's Office ("ICO"), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
DATA PROTECTION MANAGER - Chris Davison
Alan Simons & Company Solicitors is a partnership in England and Wales and with a head office at 5 Bradenham Place, Penarth, CF64 2AG.
What Data We Collect
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of services you have purchased from us. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, or any information about criminal convictions and offences) unless required to enable us to provide our services to you, in which case it will be used in accordance with this privacy notice.
Information gathered automatically.
We may also collect information automatically about your access and usage of our website using cookies and other analytical technology. Full details of our data collection methods are included in the 'Cookie' section below. We will use your IP address, which is a numeric code that identifies a computer on the internet, to collect internet traffic data and information on your browser type and computer. If you do not wish to receive cookies, you may reject them by amending your browser settings, unless they are required for the delivery of our website or services to visitors.
Information gathered from other sources including third parties.
Additionally, we may obtain information about you from legitimate third parties, including existing clients, Courts and other Government institutions (the Home Office, Police Station etc.) and other relevant entities that are known to you or related to your enquiry or requirements.
How is your personal data collected
We use different methods to collect data from and about you including through a) Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email, website chat, voice calls, text messages or otherwise. This includes personal data you provide when you:
- apply for and use our services;
- request marketing to be sent to you;
- give us some feedback.
- you make enquiry through our website.
- request information about us, our website, our services or any other interaction involving this website; b) Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources, including those set out below:
- Experts instructed by us upon your behalf in the course of our dealings with you;
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
How we use your personal information
We use your personal information for the following purposes:
- To provide you with legal services.
- To comply with our legal responsibilities to the SRA and under relevant regulation.
- To promote and market our services.
- To engage with and recruit talented individuals to work with us.
- To engage with partners that supply us with goods and services;
- To manage any queries or complaints you have about the services you receive;
- To monitor the quality of service we deliver to you, and ensure it meets your expectations;
- To comply with legal obligations to act in the public interest and uphold the rule of law.
Why you have to provide the information
Some of the personal information, such as your personal details and financial information, is required for us to comply with the regulatory framework we work under or required under statutory obligations for Anti-money Laundering purposes, to comply with the Solicitors Regulatory Authority (SRA) regulations, HMRC requirements, Land Registry requirements and requirements of the Courts of England and Wales. If you do not give us this information, we may not be able to provide you with legal services or complete your matter.
Your Consent
In some cases, you will give us consent to use your personal information in a certain way. If you have given us consent to use your data in a certain way, and we have no other legal basis for doing so, we will rely on your consent. There is more information below on your rights regarding consent. The activities where we rely on your consent are:
Keeping in touch with you and sending you information about how our services can help. We will also let you know about what is going on at our firm and developments in the industry. We will always give you an option to opt-out of future communications.
If you are thinking about working with us and have applied for a role either directly or through a recruiter, we will rely on your consent to process your application. If you chose to withdraw your consent in these circumstances, then please be aware we may not be able to process your application and will only keep personal information that we are required to by law or to defend a legal claim.
If you are giving us any special categories of data, we may need your explicit consent to do so. We will let you know if this happens and explain it all to you.
You always have the right to withdraw your consent at any time. If consent relates to electronic communications (such as a newsletter or invitations to events) then we will always give you an 'Opt-Out' option in every communication. You can also contact us using any of the details below ('Get in touch') to withdraw consent.
Performance of a legal contract
We will process personal information that relates to the services we are providing you with, or receiving from you, that are bound by our engagement with you (legal contract). The areas where we are processing personal information to enter into, or fulfill a legal contract are:
Providing legal services to you or discussing our services with you to arrange an engagement. We will process any personal information relating to your matter under this legal basis. We may also be processing personal information given to us by a client to fulfil a contract, even though the personal information is not the client's but of related parties such as family, next of kin or staff details at a related company.
When working with you in partnership to deliver services we may process personal information, such as information in agreements and on invoices, required to fulfill our obligations under those contracts.
Tasks Carried Out in Public Interest
There may be some cases when we have a legal obligation to act in the public interest in relation to the detection and reporting of suspected crime. We can't rely on your consent and may not be able to tell you when we are processing your personal information in this way so as not to prejudice those purposes.
Legitimate Interest
We rely on legitimate interests to engage with talented individuals that may be a great fit for our firm. We may use personal information that you have made public and shown interest to discuss opportunities with you (for instance on CV sites and professional networking sites).
We rely on legitimate interests in some cases to invite you to certain events such as networking events or hospitality events. Our legitimate interest is to thank our clients and bring like-minded people together. We will use your contact information when we do this and can provide more information on the assessments, we have gone through to make sure the use of your information in this way is fair on request (see 'get in touch' below).
Who will we share your personal information with
We work closely with selected partners and consultants that we share personal information with to deliver you the service you expect from us. We share personal information to:
- Perform the services you have instructed us on that may require us to share data with expert consultants, counsel and advisors as required to complete your matter;
- Professional services business that helps us to maintain business quality and manage compliance with regulations;
- Search providers used to perform due diligence searches, anti-money laundering searches and any other searches required by law or to undertake your matter;
- Credit reference agencies used to perform searches required by law or to undertake your matter;
- Certain processors and providers of services and software that make up the platforms and systems we use to deliver services;
- Storage and archiving providers to ensure your personal information is protected securely and backed up.
Any partners, suppliers or third parties we share data with will be bound by strict agreements that meet the requirements of GDPR and will be monitored for performance with those agreements.
We will share personal information with official bodies if required by law including the SRA, ICO, the police, law enforcement and intelligence agencies.
SHARING OF YOUR INFORMATION OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
It may be necessary to transfer your personal information outside the EEA or to an international organisation in order to perform your instructions. We do not routinely transfer data outside of the EEA, and when we do we will notify you of the reasons, the legal basis for doing so, any relevant risk assessments that we want to make you aware of, and the appropriate safeguards in place to protect your rights and freedoms.
If you would like any further information on transfers outside of the EEA, or would think as part of your matter you will want us to transfer your data outside of the EEA, then please contact our Data Protection Manager (see 'Get in touch').
How long will we retain your personal data?
We maintain your personal information only for the duration required to fulfill the purposes we've outlined. Our retention periods are regularly reviewed to ensure we retain only necessary data. When information can be held for varying periods, we'll retain it for the longer duration between the two:
- Matter Information: Details about you and any personal data associated with your case will be retained for 7 years post the matter's conclusion or for 1 year after the relevant limitation period, whichever extends longer. This is essential to meet insurance provider requirements, ensuring records are accessible for potential legal claims, and to adhere to SRA record-keeping obligations.
- Identification and Due Diligence: Information linked to Anti-money Laundering checks and due diligence will be stored for 5 years following the completion of your last case to comply with our Anti-money Laundering commitments. Should you continue to engage with us, we'll update this data at least every 3 years.
- Financial Transactions: Data related to you and financial transactions, encompassing fees paid and service payments, will be retained for 7 years to align with HMRC regulations mandating accurate and auditable records.
- Contact Information for Marketing and Legitimate Interests: With your consent or for pursuing legitimate interests, contact information used for marketing purposes will be retained for 30 days following the withdrawal of your consent.
Information that undergoes deletion might be encrypted and stored in secure, inaccessible backups for 6 years after deletion. These backups are maintained in compliance with article 32 of the GDPR, ensuring system security and resilience.
Your Rights
Under the General Data Protection Regulation, you hold several vital rights that can be exercised without charge. To summarise, these rights encompass:
- Transparency and Fair Processing: You have the right to know how we use your personal data and ensure fair processing, including access to this information through this notice.
- Access to Information: You can request access to your personal data and supplementary details.
- Correction and Completion: If there are inaccuracies or missing information in the data we hold about you, you can request corrections or completion.
- Erasure of Information: In certain circumstances, you can ask us to delete your personal information.
- Data Portability: You can receive a copy of your provided personal information or have it transmitted to a third party in a structured, commonly used, and machine-readable format.
- Objection to Processing: You have the right to object to the processing of your personal data, especially in direct marketing or specific situations.
- Restriction of Processing: You can request limitations on the processing of your personal information in certain situations.
- Avoidance of Automated Decision Making: You have the right to avoid being subject to decisions based solely on automated processing that significantly affects or produces legal effects concerning you.
You have the right to opt-out of your personal data being processed for marketing purposes. We typically inform you, prior to data collection, about our intentions to use your data for such purposes or disclose it to third parties. You can exercise this right by selecting specific options on the forms used for data collection.
Note: You can contact the UK Data Protection Authority via the following link: https://ico.org.uk/global/contact-us/
Your Duty to Inform Us of Changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Security of Personal Information
We are a modern law firm and have invested significantly in our process, systems and controls to safeguard your data. We keep your personal information secure through:
- Training all of our staff and Partners on the importance of information security and the processes we have in place to do so;
- Review by external advisers who will help us to understand and manage emerging threats to information;
- Policies and procedures that are enforced across the practice;
- Security functions in systems;
- Audits and checks on the performance of controls;
- Risk management processes that identify and mitigate risks and threats to your information;
- Encrypted backups taken periodically to make sure data is always available;
- Encryption on devices that hold data;
- Password policies for any systems that hold data;
- Administrative control and oversight to any systems or networks that hold data.
Cookies Policy
Please see our Cookies Policy page for details.
Embedded content and Third Party websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Future Processing
We do not have any intentions to process your personal information beyond the purposes stated in this privacy notice. In the event of any changes, we commit to updating this privacy notice on our website and within any documentation sent to you. Additionally, we will notify you via email should we commence processing your data in a new manner.
Changes to this Privacy Policy
This privacy notice was initially published in January 2024 and is scheduled for review within 12 months. We regularly assess our internal privacy practices and may alter this policy as needed. Any modifications will be communicated by updating our website and informing you through documentation or messages sent your way.
Contact Us
By Post: Alan Simons & Company Solicitors LLP, 5 Bradenham Place, Penarth CF64 2AG
By Phone: 02920 70 3991
By Email: chris.davison@alansimons.co.uk