Southampton 02380 482 482
Winchester 01962 679 777
Paris Smith

Privacy Notice

Introduction and Definitions

Paris Smith LLP (“we“, “our” and “us“) is committed to protecting and respecting your privacy.

This notice, and any other documents referred to below, sets out the basis on which any personal data, which we collect about you, that you provide to us or that we have received from a third party source, will be processed by us.

If you have questions about correcting or deleting your personal data please refer to section 4 (Your rights) below.

References in this notice to “data protection law” mean the General Data Protection Regulation (Regulation (EU) 2016/679) and all related data protection legislation having effect in the United Kingdom from time to time.

References in this notice to “sensitive personal data” and “personal information” shall have the same meaning as “special categories of data” and “personal data“, respectively, under data protection law. References to “information” shall also include “sensitive personal data“, where applicable.

OUR DETAILS

The data controller with conduct of your personal information is Paris Smith LLP of 1 London Road, Southampton, SO15 2AE, 9 Parchment Street, Winchester SO23 8AT and of No 2 Crown Walk, Winchester SO23 8BB.

Our data protection officer is Crispin Dick, who can be contacted:

  • by email to DPO@parissmith.co.uk; or
  • by post to The Data Protection Officer, Paris Smith LLP, 1 London Road, Southampton, SO15 2AE.

1  HOW WE USE YOUR INFORMATION

This part of the notice explains what information we hold about you, why we are processing that information, the legal basis for the processing, the duration for which we keep your information and (if applicable) who your information will be shared with and where those recipients are based.

We process information for different categories of people in different ways. For that reason, we have separated this part of the notice into different sections – one for each category of people. Please read each section which applies to you, as you may fall within more than one category. Once you have finished reading each section which applies to you, please resume reading from section 2 (Anti-money laundering procedures) onwards as this information applies to all categories of people.

  • Section A – Visitors to our website;
  • Section B – Prospective clients;
  • Section C – Current clients;
  • Section D – People who attend our training sessions, seminars and events;
  • Section E – Suppliers, contractors and their employees and representatives; and
  • Section F – All other people, including counterparties in legal disputes.

SECTION A – VISITORS TO OUR WEBSITE

This section applies to you if you visit our website.

Third party websites and payment processors

Our website may, from time to time, contain links to and from third party websites, including social media sites. If you follow a link to any of these websites, please note that these sites have their own privacy notices and that we do not accept any responsibility or liability for those notices. Please check their privacy notice before you submit any personal data to those websites.

If you make a payment through the ‘Make a payment’ section of our website then the information you enter into the payment form will be sent straight to our payment processor, WorldPay in an encrypted format. WorldPay operates its own Privacy Notice, accessible from its website, which you should read and consider before submitting your information.

What information do you process and for what purpose?

We process information which you submit to us through our website, including our contact forms and blog comments section. This can include your name, email address, telephone number and, depending on the nature of your enquiry, personal information about you. If you make an enquiry with us and provide us with sensitive personal information then we will process that information in a similar way, taking into account the heightened importance of maintaining the privacy and security of such information.

Through our website, we also collect non-personal identifying information about you. This includes technical information, such as your IP address, your login information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages. For further details on how we use cookies, please see section 5 (Cookies) below.

We use this information to:

  • pass the details of your enquiry to an appropriate person within the business;
  • contact you and respond to your enquiry or comment;
  • publish your blog comment on our website;
  • conduct administrative or operational processes within our business, including keeping a record of enquiries made, the nature of those enquiries and the outcome of said enquiries;
  • analyse the operation and use of our website;
  • where you have opted to receive the same, send you marketing information, including invitations to events which we think would be of interest to you; and
  • administer any dispute or potential dispute which may arise between us.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

  • where you have consented to us processing your information for marketing purposes, having given opt-in consent to us adding your information to our marketing database and to sending you marketing communications about our products, services and events which we think will be of interest to you, then our legal ground is that you have consented;
  • where you have provided us with sensitive personal information, then our legal ground is that you have consented to us processing that information;
  • where you are contacting us to engage our services, we process information because the processing is necessary for us taking pre-contractual steps in respect of your enquiry;
  • where applicable, we process information on the ground that it is necessary for achieving our legitimate interests of keeping a record of incoming enquiries, the nature of those enquiries and the person who made them for administrative purposes, ensuring that your enquiry is dealt with by the appropriate department, including handling any complaint you make or dispute which may arise between us, publishing blog comments and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes; and
  • we also process information on the ground that the processing is necessary for us to comply with our legal obligations such as, but not limited to, the prevention of fraud, detection and/or prevention of crime.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

For visitors of our website, we typically retain your information for the following periods of time:

  • for an enquiry which does not result in you (or the organisation you work for or represent) becoming a client or supplier of ours, deletion from the back-end of the website within one month from the date of your enquiry. Hard copy notes retained by the solicitors may be kept for longer;
  • for occasions when you make an enquiry and you (or the organisation you work for or represent) subsequently become a client of ours, your information will be retained in accordance with our practices for existing clients contained in section C (Current clients) below;
  • for occasions where you (or the organisation you work for or represent) are a supplier and a contract is entered into with this firm, your information will be retained in accordance with our practices for suppliers contained in section E (Suppliers, contractors and their employees and representatives) below; and
  • for blog comments, these are currently not deleted, but this is under review. If you ask us to remove your comment, we will consider your request.

Upon expiry of the applicable retention period we will either:

  • securely destroy your personal data in accordance with applicable laws and regulations; or
  • anonymise your personal data so that you can no longer be identified from it. In these circumstances, we retain the information indefinitely.

Who is my information shared with and for what purpose?

Your personal information is not shared with anyone except where we are required to do so to process your enquiry, to comply with the law, to protect our rights or to update or maintain our website or IT systems.

In order to achieve these purposes, we will share your data with the following people or groups of people:

  • certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
  • regulatory and government bodies, where we have a legal obligation to do so; and
  • any other person who you instruct us to share your personal information with or with whom we may reasonably be expected to share it with in order to deal with your enquiry.

Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the reliance on Commission-approved model clauses or the recipient being registered with the US Privacy Shield. For more information, please contact us using the details set out in section 9 (Contact) below.

SECTION B – PROSPECTIVE CLIENTS

This section applies to you if you have made an enquiry about our services and/or have begun the process of instructing us to advise you.

Once you become a client of ours then Section C (Current Clients) will also apply to you.

What information do you process and for what purpose?

We process information which you provide to us, which we receive from third parties or which we obtain from third party sources. If you are an employee, officer or other representative of a company or body which is not an individual and that company or body is to be our client, the below personal information will relate to you and, in some circumstances, your colleagues or fellow officers or representatives.

The information you provide to us can include your name, job title, place of employment, contact address, home address, telephone number and email address. Where we obtain photographic identification from you for the purpose of verifying your identity in accordance with our anti-money laundering procedures (please see section 2 (Anti-money laundering procedures) below for further information) then, depending on the form of ID you provide to us, we will also store information relating to your date and place of birth, photograph, nationality and confirmation of your sex.

Depending on the nature of your enquiry, we may also process sensitive personal information about you which could include your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, (in rare circumstances) genetic data, information concerning health, your sex life or sexual orientation. We may also process information about your personal finances.

In limited circumstances, we may also process information about criminal convictions you may have.

We may receive similar categories of information about you from third parties, such as other professional advisers that act for you, the courts, or from other legal professionals.

We also process information received from third party sources, including where we conduct electronic ID verification checks in accordance with our anti-money laundering procedures outlined at section 2 (Anti-money laundering procedures) below. These include credit reference agencies for businesses, where results may include information about named individuals, and results of our searches of court records and publicly accessible information (such as a company officer’s information obtained through Companies House).

We use this information to:

  • pass your information and details of your enquiry to an appropriate person within the firm;
  • contact you and respond to your enquiry, including providing you with a fee and time estimate for our services;
  • to conduct our anti-money laundering procedures set out in section 2 (Anti-money laundering procedures) below and to otherwise take steps to open your (or the intended client’s) matter on our systems;
  • conduct administrative or operational processes within our firm, including keeping a record of enquiries made, the nature of those enquiries and the outcome of said enquiries;
  • to send you marketing information about our services which we think will be of interest to you, including inviting you to Paris Smith events unless you indicate you do not wish to receive these types of communications; and
  • to administer any dispute or potential dispute which may arise between us.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

  • the processing is necessary for the performance of the contract between you (or the organisation you work for or represent) and us. This includes where you have instructed us to take some pre-contractual steps (such as providing you with a costs and time estimate for us to provide our services) prior to us formalising the contract;
  • we are entitled to process your sensitive personal information where you have manifestly made it public knowledge;
  • where we otherwise process your sensitive personal information, including information about your criminal convictions, the processing is necessary for:
    • the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings);
    • is necessary for the purpose of obtaining legal advice; or
    • is otherwise necessary for the purposes of establishing, exercising or defending legal rights;
  • where you have given opt-in consent to us adding your information to our marketing database and to sending you marketing communications, because you have consented to us processing your information for marketing purposes;
  • the processing is necessary for achieving our legitimate interests of:
  • keeping a record of incoming enquiries, the nature of those enquiries and the person who made them for administrative purposes, including handling any complaint you make or dispute which may arise between us;
  • where we are relying on the soft opt-in under the Privacy and Electronic Communications Regulations in order to send you marketing communications, or those regulations do not otherwise apply, because we have a legitimate interest in keeping you up to date with our services and events; and
  • in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes;
  • the processing is necessary for us to comply with our legal and regulatory obligations, this includes but is not limited to the prevention and detection of fraud; and
  • where we conduct checks in accordance with our anti-money laundering procedures, these are based on the legal grounds identified in section 2 (Anti-money laundering procedures) below.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

For prospective clients, we typically retain your information for the following periods of time:

  • for an enquiry which does not result in you becoming a client of ours, 18 months from the date of your enquiry; and
  • for occasions when you make an enquiry and you subsequently become a client of ours, your information will be retained in accordance with our practices for existing clients set out in section C (Current Clients) below.

Upon expiry of the applicable retention period (but subject to any ongoing legal obligations under which we may have to keep your information for a longer period), we will:

  • take appropriate steps to return any original documentation submitted by you to us containing your personal information to you; and/or
  • anonymise your personal information on our systems so that you can no longer be identified from it; and/or
  • securely destroy your personal information.

Who is my information shared with and for what purpose?

Your personal information is not shared with anyone except where we are required to do so to process your enquiry, to comply with the law, to protect our rights or to update or maintain our website or IT systems.

In order to achieve these purposes, we will share your data with the following people or groups of people:

  • certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
  • the persons identified in section 2 (Anti-money laundering procedures), below;
  • regulatory and government bodies, where we have a legal obligation to do so; and
  • any other person who you instruct us to share your personal information with or with whom we may reasonably be expected to share it with in order to deal with your enquiry.

Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the reliance on Commission-approved model clauses or the recipient being registered with the US Privacy Shield. For more information, please contact us using the details set out in section 9 (Contact) below.

SECTION C – CURRENT CLIENTS

This section applies to you if you are personally a client of ours and/or if you are an employee, officer or representative of an organisation which is a client of ours.

What information do you process and for what purpose?

We process information which you provide to us, which we receive from third parties or which we obtain from third party sources. If you are an employee, officer or other representative of a company or body which is not an individual and that company or body is to be our client, the below personal information will relate to you and, in some circumstances, your colleagues or fellow officers or representatives.

The information you provide to us can include your name, job title, place of employment, contact address, home address, telephone number and email address. In certain circumstances we may additionally need to confirm your place of birth and national insurance number (or local equivalent). Where we obtain photographic identification from you for the purpose of verifying your identity in accordance with our anti-money laundering procedures (please see section 2 (Anti-money laundering procedures) below for further information) then, depending on the form of ID you provide to us, we will also store information relating to your date and place of birth, photograph, nationality and confirmation of your sex.
Depending on the nature of your enquiry, we may also process sensitive personal information about you which could include your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, (in rare circumstances) genetic data, information concerning health, your sex life or sexual orientation and other personal information relevant to the matter that you have instructed us on.

In limited circumstances, we may also process information about criminal convictions you may have.

We may receive similar categories of information about you from third parties, such as other professional advisers that act for you, the courts, or from other legal professionals.

We also process information received from third party sources, including where we conduct electronic ID verification checks in accordance with our anti-money laundering procedures outlined at section 2 (Anti-money laundering procedures) below. These include credit reference agencies for businesses, where results may include information about named individuals, and results of our searches of court records and publicly accessible information (such as a company’s officer’s information obtained through Companies House).

We use this information to:

  • advise you in accordance with the contract for legal services entered into between you (or the organisation you work for or represent) and us and to comply with your lawful instructions under said contract;
  • from time to time conduct our anti-money laundering procedures set out in section 2 (Anti-money laundering procedures) below;
  • conduct administrative or operational processes within our business, including keeping a record of current and closed matters, bills raised and records of communications between us and our clients;
  • send you marketing information about our services which we think will be of interest to you, including inviting you to Paris Smith events, unless you indicate you do not wish to receive these types of communications;
  • otherwise comply with our legal record keeping obligations; and
  • administer any dispute or potential dispute which may arise between us.

What are your legal grounds for processing my information?

We process your information on one or more of the following legal grounds:

  • the processing is necessary for the performance of the contract for legal services entered into between you as an individual and us. This includes where you have instructed us to take pre-contractual steps (such as providing you with a costs and time estimate for us to provide our services) prior to us formalising the contract;
  • we are entitled to process your sensitive personal information where you have manifestly made it public knowledge;
  • where we otherwise process your sensitive personal information, including information about your criminal convictions, the processing is necessary for:
    • the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings);
    • is necessary for the purpose of obtaining legal advice; or
      1.3.3 is otherwise necessary for the purposes of establishing, exercising or defending legal rights;
    • where you have given opt-in consent to us adding your information to our marketing database and to sending you marketing communications, because you have consented to us processing your information for marketing purposes;
  • the processing is necessary for achieving our legitimate interests of:
    • performance of the contract for legal services entered into between the organisation that you work for or represent and us. This includes where you have instructed us to take pre-contractual steps (such as providing you with a costs and time estimate to for us to provide our services) prior to us formalising the contract;
    • keeping a record of incoming enquiries, the nature of those enquiries and the person who made them for administrative purposes, including handling any complaint you make or dispute which may arise between us; and
    • where we are relying on the soft opt-in under the Privacy and Electronic Communications Regulations in order to send you marketing communications, or those regulations do not otherwise apply, because we have a legitimate interest in keeping you up to date with our services and events,
      and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes;
  • the processing is necessary for us to comply with our legal and regulatory obligations, this includes but is not limited to the detection and prevention of fraud and crime; and
  • where we conduct checks in accordance with our anti-money laundering procedures, these are based on the legal grounds identified in section 2 (Anti-money laundering procedures) below.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law.

When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

In most cases we will retain a record of your personal information for eight years from the date of closure of your physical file. Electronic files will be retained for a longer period from the date of closure of the physical file.

Personal information is kept for longer, typically sixteen years, if it is contained in a deed. If we are the custodians of your Will, we will retain this indefinitely. If a matter concerns a child then we keep the file for eight years following the eighteenth birthday of the child (or the youngest child if the matter concerns more than one).

If you are raising a complaint with the firm, the retention period of the complaint file is 12 years.

These retention periods are given as a general guide and may vary depending on the nature of your matter and the forms of documentation in which your personal information is recorded.

Upon expiry of the applicable retention period and subject to any ongoing legal obligations we may have to keep your information for a longer period, we will:

  • take appropriate steps to return documentation containing your personal information to you;
  • anonymise your personal information on our systems so that you can no longer be identified from it; and/or
  • securely destroy your personal information.

Who is my information shared with and for what purpose?

Over the course of our instruction, your personal information may legitimately be shared with a number of third parties. We only share your information insofar as is necessary to comply with your lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.

In order to achieve these purposes, we will share your data with the following people or groups of people:

  • certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
  • in litigation, to the Court, which is subject to its own statutory duty to maintain the confidentiality and security of your personal information;
  • if you ask us to instruct counsel (including foreign counsel), mediators or other third party professional service providers on your behalf, or you instruct us to take pre-contractual steps (such as obtaining fee estimates) from them, then we will share your information with such persons and organisations as is necessary to comply with your instructions;
  • the persons identified in section 2 (Anti-money laundering procedures), below;
  • regulatory and government bodies, where we have a legal obligation to do so (including but not limited to Lexcel and CQC);
  • if you are raising a complaint with the firm, the complaint will be shared with our insurers and insurance brokers, the legal ombudsman and (in anonymised form) the SRA, and
  • any other person who you instruct us to share your personal information with or with whom we may reasonably be expected to share it with in order to deal with your enquiry.

Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the reliance on Commission-approved model clauses or the recipient being registered with Privacy Shield. For more information, please contact us using the details set out in section 9 (Contact) below.

SECTION D – ATTENDEES TO OUR TRAINING SESSIONS, SEMINARS AND EVENTS

This section applies to you if you attend a training session, seminar or other event hosted by Paris Smith. This includes, to the extent applicable, online webinars and remote training sessions. It also applies to members of our Charities Forum.

What information do you process and for what purpose?

At your point of booking, you (or an employee or representative from your organisation) will provide us with certain personal information about you.

That information can include your full name, email address, contact telephone number, contact address, car registration number, your job title or specialism and details of your employer or the organisation you represent.

We may also process sensitive personal information about you which could include allergy or dietary requirements or information about your health or mobility requirements.

We use this information to:

  • manage your booking or attendance, including to send you information about the event;
  • where the event is catered, to accommodate your dietary requirements and, depending on the nature of your requirements, to make appropriate people aware so that they can ensure your safety and comfort;
  • where you have notified us of your health or mobility requirements, to best accommodate you at the event and, depending on the nature of your requirements, to make appropriate people aware so that they can ensure your safety and comfort;
  • maintain a record of attendees at our events for internal audit purposes and to better respond to any questions or enquiries received from you after the event;
  • send you marketing information about our services which we think will be of interest to you, including inviting you to further Paris Smith events, unless you have indicated that you do not wish to receive these types of communications; and
  • administer a dispute or potential dispute arising between us, for example if you were unhappy with the event in any way.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

  • the processing is necessary for the performance of the contract between you (or the organisation you work for or represent) and us. This includes where you have instructed us to take some pre-contractual steps (such as providing you with an indication of costs and availability for one of our training sessions) prior to us formalising the contract;
  • where you provide us with your allergy, dietary, health or mobility requirements, because you have consented to us processing and, where applicable, sharing this information in order to accommodate your requirements. If you do not consent to us processing your information in this way then we may not be able to accommodate you at our events;
  • where you have given opt-in consent to us adding your information to our marketing database and to sending you marketing communications, because you have consented to us processing your information for marketing purposes; and
  • the processing is otherwise necessary for achieving our legitimate interests of:
    • arranging and hosting our Charities Forum events;
    • keeping a record of attendees at our events so that we can improve our engagement and conduct internal analysis for administrative and business development purposes; and
    • where we are relying on the soft opt-in under the Privacy and Electronic Communications Regulations in order to send you marketing communications, or those regulations do not otherwise apply, because we have a legitimate interest in keeping you up to date with our services and events where we think these will be of interest to you, based on the events of ours which you have attended, and because you have not taken the opportunity to opt-out of receiving such marketing communications
      and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law.

When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

If you attend one of our events then we will typically keep your information for the following periods of time:

  • your personal information (such as name, contact details) will be retained for up to 6 years from the date of the event. This is primarily so that we can properly address any queries or comments you might have or invite you to similar events or repeats of the same event. After this time your information may be anonymised or deleted, unless you have consented to being added to our marketing database;
  • if you have consented to being added to our marketing database (including where you have consented to becoming a Charities Forum member) then we will retain your information for the duration of our relationship; and
  • for sensitive personal information relating to an allergy, dietary, health or mobility requirements, we keep this information for up to six years the end of the event, unless we agree a longer period of retention with you. We may agree such a longer period with you if we expect you to attend our events in the future and we both agree that it would be sensible for us to keep a persistent record of your needs in order to ensure we similarly accommodate you in the future. If we do agree to a longer period then that consent will be kept under review and, if you do not attend an event of ours within that period months then we will seek to refresh that consent with you or otherwise confidentially destroy the information.

Upon expiry of the applicable retention period and subject to any ongoing legal obligations we may have to keep your information for a longer period, we will:

  • take appropriate steps to return documentation containing your personal information to you;
  • anonymise your personal information on our systems so that you can no longer be identified from it; and/or
  • securely destroy your personal information.

Who is my information shared with and for what purpose?

We only share your information insofar as is necessary to comply with your lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.

In order to achieve these purposes, we will share your data with the following people or groups of people:

  • where we use outsourced caterers at an event, we will share details of your name, allergy and dietary requirements with them. The caterers may be able to identify you from the details provided to them in order to provide you with the correct meal, and in certain circumstances, for example where your allergy is severe or there is a pressing need to prevent cross-contamination. We may similarly share information about your health and mobility requirements on a need-to-know basis with our hospitality providers so that they can work with us to accommodate you. In each instance, we ensure that if you are identifiable from the information we share with the relevant third party that they keep such information confidential and that it is retained only for so long as necessary to carry out the services we have requested of them;
  • certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
  • regulatory and government bodies, where we have a legal obligation to do so; and
  • any other person who you instruct us to share your personal information with.

Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the reliance on Commission-approved model clauses or the recipient being registered with Privacy Shield. For more information, please contact us using the details set out in section 9 (Contact) below.

SECTION E – SUPPLIERS, CONTRACTORS AND THEIR EMPLOYEES AND REPRESENTATIVES

This section applies to you if you are a supplier or contractor of ours, or you work for or represent a supplier or contractor of ours. For this purpose, ‘suppliers’ and ‘contractors’ include ‘potential suppliers’ and ‘potential contractors’, i.e. where communications are sent between us with a view to establishing a supplier or contractor relationship.

What information do you process and for what purpose?

If you are a sole trader or partner in a legal partnership then we may receive personal information from you directly or from an employee or representative of your business. If you are a contact for an organisation then we may receive your contact details from you directly, from another employee or representative of the organisation. In some circumstances, we may also be provided your information by a third party, for example where they refer you to us.

We will typically process the following personal information about you: your name, email address, telephone number, contact address, job description or specialism and details of your employer or the organisation you represent. If you are a sole trader or a partner in a legal partnership then you may be personally identifiable from your business’ banking information provided to us.

We use this information to:

  • discuss with you the products or services you or your organisation offer, including taking pre-contractual steps such as obtaining a price quote and responding to your enquiries;
  • perform the contract between you, or your organisation, and us;
  • manage the account we hold with you or your organisation;
  • comply with our internal record keeping and audit procedures; and
  • administer a dispute or potential dispute arising between us.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

  • the processing is necessary for the performance of the contract between you (if you are a private individual) and us. This includes where we have instructed you to take some pre-contractual steps prior to us formalising the contract; and
  • the processing is necessary for achieving our legitimate interests of:
    • the performance of the contract between the organisation that you work for or represent and us. This includes where we have instructed you to take some pre-contractual steps prior to us formalising the contract;
    • keeping a record of suppliers and contractors as well as their contacts, should we wish to make use of your services in the future (whether by way of new or repeat business); and
    • keeping accurate records of the contractual terms we have agreed and who they were agreed with, should a dispute ever arise between you, or the organisation you work for or represent, and us,
      and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law. When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

We typically keep your information for the following periods:

  • if you make an enquiry with us, or vice versa, but you (or your organisation) do not subsequently become a supplier or contractor of ours, then we keep your information for 18 months from the date of our discussions ending (or if we did not reply, the date of your enquiry);
  • if you respond to a tender process with us, or vice versa, but the tender application is unsuccessful, then we keep your information until the conclusion of any subsequent tender process;
  • if a contract was entered into between you, or your organisation, and us, 8 years from the date that contract ended unless the retention of your personal information is not necessary for our purposes set out above in which case we will confidentially destroy your information unless we have another lawful justification for retaining it.

These periods may be extended if, for example, a legal dispute between you, or your organisation, and us arises or where we consider there is a reasonable business needs (our legitimate interest) to keep your information which is not overridden by your rights and freedoms as a data subject.

Who is my information shared with and for what purpose?

We only share your information insofar as is necessary to comply with your lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.

In order to achieve these purposes, we will share your data with the groups of people:

  • certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
  • regulatory and government bodies, where we have a legal obligation to do so; and
  • any other person who you instruct us to share your personal information with.

Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the reliance on Commission-approved model clauses or the recipient being registered with the US Privacy Shield. For more information, please contact us using the details set out in section 9 (Contact) below.

SECTION F – ALL OTHER PEOPLE, INCLUDING COUNTERPARTIES IN LEGAL DISPUTES, REFERRERS, POTENTIAL REFERRERS AND BUSINESS CONTACTS.

For any other person for whom we process personal data, such processing is carried out only insofar as is necessary for us to provide our services, administer our business or comply with our legal obligations.

If you are a counterparty in a legal claim or dispute then we will typically receive personal information about you from your legal representation or from you directly.

What information do you process and for what purpose?

In all cases, we may receive information including your name, address, data of birth and email address. Depending on the circumstances, we may receive significantly more categories of information than this.

If you are a beneficiary of a trust we are settling or administering then in certain circumstances we will require you to confirm your name, address, date and country of birth, country of residence and national insurance number (or local equivalent). This is because we have a legal obligation to keep a record of this information. Additionally, in certain circumstances we may be required to share certain information about you with HMRC for tax reasons. This information would include your full name, date of birth, national insurance number, telephone number and email address. We will inform you where this is the case.

What are your legal grounds for processing my information?

We process your information on the following legal grounds:

  • processing is necessary for us to comply with our legal obligations, including under the Common Reporting Standard (CRS) where we are instructed in respect to trusts; and
  • the processing is necessary for achieving our legitimate interests of:
    • the performance of the contract between the firm and our client, our employees, our suppliers and other third parties. This includes where we are instructed to take some pre-contractual steps prior to us formalising the contract;
    • keeping a record of suppliers and contractors as well as their contacts; and
    • keeping accurate records of the contractual terms we have agreed and who they were agreed with, should a dispute ever arise between you, or the organisation you work for or represent, and us,

and, in accordance with data protection law, we have carefully weighed your interests and fundamental rights and freedoms against our interest to process your information and are satisfied that we are justified in processing your information for these purposes.

How long do you keep my information for?

We only keep your information for so long as it is reasonably necessary, subject to any minimum retention periods which are applicable by law.

When setting our data retention periods, we consider the amount, nature, and sensitivity of the information we hold, the potential risk of harm from unauthorised use or disclosure of the information and the purposes for which we process the information (including whether we can achieve those purposes by other means). We also take into account our other legal obligations to keep or securely dispose of personal information.

We typically keep this sort of information for a period of 8 years after the conclusion of the relationship under which your information was given to us. If we received your information in the course of us providing legal services to one of our clients then the retention period will typically end 8 years from the date we close that client file. Our retention periods may be extended if, for example, a legal dispute between you, or your organisation, and us arises.

Who is my information shared with and for what purpose?

We only share your information insofar as is necessary to comply with our lawful instructions, to comply with the law, to protect our rights or to update and maintain our IT systems.

In order to achieve these purposes, we will share your data with the groups of people:

  • certain of our IT and software providers. Typically, your personal information will be encrypted before it is transferred to our providers but in certain circumstances they may require access to unencrypted data, for example when we need to troubleshoot an issue with our IT systems. Our IT providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times;
  • regulatory and government bodies, where we have a legal obligation to do so; and
  • any other person who you instruct us to share your personal information with.

Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the reliance on Commission-approved model clauses or the recipient being registered with Privacy Shield. For more information, please contact us using the details set out in section 9 (Contact) below.

2 ANTI-MONEY LAUNDERING PROCEDURES

We have a legal obligation to comply with anti-money laundering laws and regulations. Broadly, money laundering can arise if a person acquires, retains, transfers, uses or controls the proceeds of a crime for the benefit of a criminal activity. In this section, references to money laundering include references to similar financial offences committing in relation to terrorism.

In order to fulfil our legal obligations, we must verify the identity of new clients, and in certain circumstances existing clients. Additionally, from time to time our internal procedures may also require us to conduct background checks on new and existing clients.

This means that, if you are an individual client or prospective individual client of ours then we will need to verify your identity using a secure and confidential ID checking service operated by an external service provider. For individual clients, these identity and background checks may require us to take a copy of your photographic identification and a recent utility bill.

For clients or prospective client which are not individuals, such as companies, we may need to verify the identity of directors, other officers, shareholders, beneficial owners and instructing employees or representatives of the organisation. The checks conducted on these persons are broadly the same as those we conduct on individual clients.

We will therefore typically require a copy of the person’s photographic identification and a recent utility bill in order to complete the verification process. In the case of organisations having a different corporate structure, equivalent requirements will apply and we will notify you of these where applicable.
2.5 For both individuals and corporate clients (including prospective clients) we may require evidence of source of funds at the outset of our instruction and possibly from time to time throughout our relationship.

We may request and/or obtain this information from third party sources. The sources for such verification may comprise documentation which we request from the client (or prospective client) and/or through the use of online sources.
2.6 In some circumstances we may decline to, or may not be permitted to, proceed to act until such procedures have been completed. In other circumstances we may agree to commence acting whilst these procedures are carried out. We reserve the right to decline to act or, if appropriate, cease to act should these procedures not be completed to our satisfaction.

We may also be required to make detailed enquiries of any unusual transactions such as the transfer of large amounts of cash and such enquiries may result in us processing additional personal information.
Grounds for processing your data for anti-money laundering purposes
2.7 We process your information in the manner set out above on the following legal grounds:
2.7.1 processing is necessary for the performance of a contract between you (as a private individual) and us, including where processing is necessary for us to take pre-contractual steps. This will be the case where we are legally prevented from acting for you until the relevant checks and procedures have been completed;
2.7.2 where we have a contractual relationship with the organisation you work for or represent, because we have a legitimate interest to process your information to ensure that we are not involved in or otherwise facilitate money laundering activity and such interests do not outweigh your rights and freedoms as a data subject;;
2.7.3 processing is necessary for our compliance with our legal obligations under anti-money laundering laws and regulations; and
2.7.4 should the processing we conduct in line with our anti-money laundering procedures exceed the minimum level of processing required by the relevant law and regulations, because we have a legitimate business interest in taking additional precautions to ensure that we are not involved in or otherwise facilitate money laundering activity. In accordance with data protection law, we have considered your fundamental rights and interests as a data subject and are satisfied that our processing is lawfully justified.

Disclosure of your information to third parties for anti-money laundering purposes.
2.8 For the purposes of carrying out our electronic ID checks, we may share your information with our external ID check providers. Such providers are subject to strict contractual obligations to treat your personal information with the utmost sensitivity, to keep it confidential and to comply with data protection law at all times.
2.9 Your information may be transferred outside of the EEA depending on which of our internal systems your information is stored within. However, any such transfers are carried with appropriate safeguards in place. These safeguards will typically involve the reliance on Commission-approved model clauses or the recipient being registered with the US Privacy Shield. For more information, please contact us using the details set out in section 9 (Contact) below.
2.10 In certain circumstances, we may process your personal information without further notification to you. This applies, for example, where we make a report in good faith under the Terrorism Act 2000 or Proceeds of Crime Act 2002 (the “Acts”). Such processing is justified under data protection law on the basis that it is in the substantial public interest.
Retention of personal data for anti-money laundering purposes
2.11 We are legally obliged to retain your personal information for anti-money laundering purposes for 5 years from the end of the business relationship or transaction between us. Please refer to our retention periods set out in the appropriate Section above.

3 AUTOMATED DECISION MAKING

We do not make automated decisions about you based on your information. Should this change then we will let you know.

4 YOUR RIGHTS

Under data protection law you have the following rights:

  • the right to be informed as to what we do with your information. This includes but is not limited to the right to know what information we gather, process and store, what we do with it, who we share it with and how long we keep it for. This information is set out in this privacy notice. Please note that, as set out in the above section 2 (Anti-money laundering procedures), in certain circumstances we are legally obliged not to disclose certain processing information to you. If you have any questions then please contact our Data Protection Officer using the details set out at section 9 (Contact) below;
  • if we are processing your data on the basis of your consent then you have the right to withdraw that consent at any time. Depending on the context of our processing, consent can be withdrawn by:
    • notifying us using the information set out at section 9 (Contact) below;
    • clicking the opt-out/unsubscribe link in our email marketing communications; or
    • speaking to the lawyer who is working on your matter.
      Please note that the lawfulness of our historic processing based on your consent will not be retrospectively affected by your withdrawal of consent. Furthermore, we may have a legal obligation or right to retain your information on our files notwithstanding that you have withdrawn your consent to our processing. Should this be the case, we will notify you around the time we acknowledge your withdrawal of consent;
  • the right to access a copy of your information which we hold. This is called a ‘subject access request’. Additional details on how to exercise this right are set out in section 6 (Access to information), below;
  • the right to prevent us processing your information for direct marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. If you are a new client or contact of the firm after 25 May 2018, you can exercise your right to prevent such processing by leaving unticked certain boxes on the forms we use to collect your data. Any client or contact of the firm can also exercise the right at any time by contacting us using the details set out in section 9 (Contact) below;
  • the right to object to decisions being made about you by automated means. We will inform you if your information is subject to automated processing;
  • the right to object to us processing your personal information in certain other situations;
  • the right, in certain circumstances, to have your information rectified, blocked, erased or destroyed if it is inaccurate; and
  • the right, in certain circumstances, to claim compensation for damages caused by us breaching data protection law;
  • enhanced rights to request that we erase, rectify, cease processing and/or delete your information; and
  • in certain circumstances, the right to request the information we hold on you in a machine readable format so that you can transfer it to other services. This right is called ‘data portability’. Additional details on how to exercise this right are set out in section 6 (Access to information), below.

For further information on your rights under data protection law and how to exercise them, you can contact Citizens Advice Bureau (www.citizensadvice.org.uk) or the Information Commissioner’s Office (www.ico.org.uk).

If you wish to complain about how we have handled your personal information then you have the general right to complain to us (in the first instance) and, if you are not satisfied by our response and depending on the nature of the complaint, to the Information Commissioner’s Office and/or the Legal Ombudsman (in the second instance). Our contact details are set out in section 9 (Contact) below and full details of our complaints procedure are available on request.

5 COOKIES

Our site uses cookies to distinguish you from other users of our site. We use the following cookies for our site to function:

  • muxData , __distillery and **wistia-http2-push-disabled** – to track video views and select an appropriate playback method for your device;
  • _jIncludedInSample and parissmith.vuture.net_VxSessionId and intEmailHistoryId – to track visitor interaction with our website; and
  •  _gid, _gat and _ga, – to track visitor navigation of our website using Google Analytics, including where visitors have come from and the pages visited. Visitors to our site who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our site. This will mean that some features of our site and online services may not function properly without the aid of cookies.

6 ACCESS TO INFORMATION

Under data protection law you can exercise your right of access by making a written request to receive copies of some of the information we hold on you. You must send us proof of your identity, or proof of authority if making the request on behalf of someone else, before we can supply the information to you. If there is any question as to the verification of your identity, we will respond directly to the data subject him/herself. Requests should be sent to your usual point of contact and copied to our Data Protection Officer by email to DPO@parissmith.co.uk or by post to The Data Protection Officer, Paris Smith LLP, 1 London Road, Southampton, SO15 2AE.

We will initially respond to you to confirm the timeframe that is applicable to your request.

If you are requesting copies of documents you already possess, we may charge our reasonable administrative costs. We will also be allowed to charge you for our reasonable administrative costs in collating and providing you with details of the requested information which we hold about you if your request is clearly unfounded or excessive. In very limited circumstances, we are also entitled to refuse to comply with your request if it is particularly onerous.

In certain circumstances, you may be entitled to receive the information in a structured, commonly used and machine readable form.

7 DATA SECURITY

We have various IT and Security policies in place and we will always store your digital information on secure servers which are based in the UK or a country which the EU has deemed to have adequate security measures in place. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your information, we cannot guarantee the security of your information transmitted to our site or otherwise to our servers (such as by email). Any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

8 CHANGES TO OUR PRIVACY NOTICE

This notice was last updated on 21 May 2018. Any material changes we may make to our privacy notice in the future will be posted on this page. Where we hold your contract information, material changes to how we collect or use your personal information will be notified to you directly. Please check back frequently to see any updates or changes to our privacy notice.

9 CONTACT

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to FAO the Data Protection Officer, Paris Smith LLP, 1 London Road, Southampton, SO15 2AE, England or DPO@parissmith.co.uk.

Southampton Contact

Alan Cousins
Practice Director

T: 023 8048 2312
Send an email

View Profile

Contact Us

We’d love to hear from you. Please fill in the contact form below or call us at one of our offices.

Southampton
02380 482 482

Winchester
01962 679 777

Request a callback

For more information on how we deal with your personal information please see our Privacy Notice.