Waterstone Legal is committed to protecting your privacy. This statement describes how we collect and use your personal data. It also describes the rights you have and control you can exercise in relation to it.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Who we are?
Waterstone Legal is a forward-thinking legal practice providing legal services.
If you have any questions about our use of your personal data, please use the following contact:
Address: Waterstone Legal, 171 Cannon Street Road, London E1 2LX Telephone: 0207 063 9040
Fax: 0207 063 9041
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What personal information do we collect about you?
We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal or other services or as a result of your relationship with one or more of our staff and clients.
The personal information that we process includes:
- Contact information: your name, position, role, company or organisation, telephone (including mobile phone number where provided) as well as email and postal address Contact information, such as your postal address, email address and phone number(s)
- Business information: data identifying you in relation to matters on which you instruct us or in which you are involved
- Technical information: such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically
- Information in connection with investigations or proceedings: where this is necessary to conduct the investigation or proceedings
- Personal information provided to us: such as Identification and background information provided by you or collected as part of our business acceptance
- processes or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data
- Online data: [when you access this website and our technology services, information about your visit including URL clickstream to, through and from our website (including date and time), information about your network as such as information about devices, nodes, configurations, connection speeds and network application performance; pages viewed or searched for, page response times, download errors, length of visits and interaction information (such as scrolling, clicks, mouse-overs) and whether you click on particular links or open our emails]
- Any other information relating to you which you may provide to us
- How we obtain your personal information?
- We collect information from you: as part of our business acceptance processes and about you and others as necessary in the course of providing legal services or while monitoring our technology tools and services, including our websites and email communications sent to and from Waterstone Legal or when you provide it to us, or interact with us directly, for instance engaging with our staff or registering on one of our digital platforms or applications.
- We may collect or receive information about you: from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources
- Please do not send us confidential information: until we have confirmed in writing that we represent or act for you or your company or organisation.
- Unsolicited emails: from non-clients do not establish a lawyer-client relationship. They may not be privileged and, therefore, may be disclosed to others.
How we use your personal information
We use your personal data for the following purposes:
- Business relationship: managing and administering our relationship with you, your company or organisation including keeping records about business contacts, services and payments so we can customise our offering for you, develop our relationship and target our marketing and promotional campaigns;
- Communication: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services;
- Events: running legal briefings, roundtables and other events;
- Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise;
- Client legal compliance: client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime and we may not be able to take instructions if you do not provide the information we need to do these checks;
- Website monitoring: to check the website and our other technology services are being used appropriately and to optimise their functionality;
- Site security: to provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings);
- Online security: protecting our information assets and technology platforms from unauthorised access or usage and to monitor for malware and other security threats;
- Regulatory: compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements;
- Managing suppliers: who deliver services to us;
- Legitimate interest: to pursue the legitimate business interests listed in the “Legitimate Interests section of this policy below.
On what basis we use your personal information
We use your personal information on the following basis:
- To perform a contract: such as engaging with an individual to provide legal or other services
- Necessary to deal with legal claims: for example, involving court proceedings
- Compliance: To comply with legal and regulatory obligations
- Consent: we have your explicit consent for the processing
How long do we keep your data?
We generally keep your information as needed to provide our legal services and to deal with claims. This will depend on a number of factors such as whether you or your company or organisation are an existing client or have interacted with recent client mailings or bulletins or attended recent events. We will retain your information as necessary to comply with legal, accounting or regulatory requirements. Typical retention periods will range from 3 to 15 years.
Who we share your personal information with?
We share your information as with others as follows:
We may share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Suppliers: to whom we outsource certain support services such as word processing, translation, photocopying and document review
- Third parties engaged during the services: we provide to clients and with their prior consent, such as barristers, local counsel and technology service providers like data room and case management services
- Regulatory authorities: such as courts, tribunals, government agencies and law enforcement agencies where necessary, or for the reasons set out in this policy.
- Others: Our professional advisers and auditors and our IT service providers and third parties involved in hosting or organising events or seminars
We will use reasonable endeavours to notify you and protect your personal information. We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.
How we protect your personal information
We will hold your information securely in line with physical, technical and administrative security measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
However, the transmission of information via the internet is not completely secure. Although we will take reasonable measures to protect your personal information, we cannot guarantee the security of your information transmitted and any transmission is at your own risk.
Your rights regarding your personal information
The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects. The availability of these rights and the ways in which you can use them are set out below in more detail.
- Access: you are entitled to ask us if we are processing your data and, if we are, you can request access to your personal data. This enables you to receive a copy of the personal data we hold about you and certain other information about it;
- Correction: you are entitled to request that any incomplete or inaccurate personal data we hold about you is corrected;
- Erasure: you are entitled to ask us to delete or remove personal data in certain circumstances. There are also certain exceptions where we may refuse a request for erasure, for example, where the personal data is required for compliance with law or in connection with claims;
- Restriction: you are entitled to ask us to suspend the processing of certain of your personal data about you, for example if you want us to establish its accuracy or the reason for processing it;
- Transfer: you may us to help you request the transfer certain of your personal data to another party;
- Objection: where we are processing your personal data based on a legitimate interests (or those of a third party) and you may challenge this. However, we may be entitled to continue processing your information. You also have the right to object where we are processing your personal information for direct marketing purposes;
- Automated decisions: you may contest any automated decision made about you where this has a legal or similar significant effect and ask for it to be reconsidered.
- Consent: where we are processing personal data with consent, you can withdraw your consent.
Some of these rights will only apply in certain circumstances. If you would like to exercise, or discuss, any of these rights, please contact one of the Data Privacy contacts set out in this Policy above, in writing at the relevant email address.
We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by email to email@example.com