Schofield Sweeney LLP uses personal data. This statement explains how we collect, use and handle that personal data and how we comply with obligations in the General Data Protection Regulation and other relevant data protection legislation (GDPR).
Schofield Sweeney as a Data Controller
Schofield Sweeney LLP whose registered office is at Church Bank House, Church Bank, Bradford, BD1 4DY (number OC303400) is a data controller for the purposes of the GDPR. This means that it is responsible for determining how the personal data which it holds, is used.
Schofield Sweeney LLP is registered as a data controller with the Information Commissioner’s Office (ICO) with number Z8354262.
About this privacy statement
This statement explains how we handle the personal data which we collect, including personal data which is provided to us via our website at www.schofieldsweeney.co.uk, during telephone calls, as a result of face to face contact such as meetings and events and in other correspondence.
Please read this privacy statement carefully. It explains:
We may change this statement from time to time by updating this page and for Client Data, by updating our terms of business.
The personal data we hold
Personal data means data which identifies an individual. We collect and use different types of personal data which can be categorised as follows:
Contact Data including names, job titles, addresses, email addresses and telephone numbers.
Client Data including personal data in connection with and as a result of, providing legal advice (aside from Contact Data). This personal data varies according to the matter in question and in particular, depends on whether you represent a business or are an individual client. For example, we typically hold data about key contacts and other employees within our business clients, including information about their involvement in a matter or transaction. Where we act for individuals, for example, in connection with private wealth or residential conveyancing matters, we may hold bank account details, tax reference and National Insurance number and, if advising an individual in an employment matter, the data may include salary details and employment history including performance and disciplinary matters. In some cases, client data may also include special category data, such as information about health, sexual orientation and ethnic origin where relevant to the matter in question.
Third-Party Data including data about people other than clients used in connection with our services. This usually includes Contact Data about other professionals and counterparties to a transaction. For private client matters, this might include data about family members, trustees and beneficiaries such as name, age, address and family relationship. It may also include data about third party source of funds and those with a beneficial interest in a particular legal entity.
Child Data where occasionally, we hold data about minors where relevant to the provision of legal advice. This might include name, date of birth and information about education if relevant to the matter in question. We will only collect Child Data in connection with a specific matter.
Marketing Data including marketing and communication preferences and data used for networking and business development such as employment history, role and information about personal interests.
How we use personal data
The following explains the purposes for which we use personal data, what categories of personal data apply to those uses and the legal basis we rely on to use the personal data in accordance with the GDPR.
Purpose 1: Operating the Schofield Sweeney website
Data type: We process Contact Data and Technical Data to operate our website. This includes collecting data to deal with its functions such as handling submitted enquiries and job applications. This data also helps us to improve our website and how it operates for example, so that we can monitor the number of content hits.
Legal basis: The use of data for this purpose is in our legitimate interests in managing and improving our website and its content which is an important tool for the development and operation of our business.
Purpose 2: Operating the Schofield Sweeney portals
Data type: We offer a client HR Portal and also provide data rooms on some transactional matters. This includes use of Technical Data such as password and username and Contact Data to provide access to those facilities. It may also include the use of Client Data depending on the nature of the matter.
Legal basis: This data use is in our legitimate interest in being able to offer online facilities for advisory work and for handling information within the course of a transaction efficiently and to provide legal advice.
Purpose 3: Providing legal advice and related activity
Data type: The provision of legal advice is our core function. We use Contact Data, Client Data, Third-Party Data, sometimes Technical Data and very occasionally, Child Data for this purpose and related tasks such as invoicing and payment, handling enquiries and administering our complaints procedure. This purpose may also involve us disclosing personal data to for example, other professionals involved in the matter such as Counsel, bankers, accountants, agents, experts, the Courts and the advisors of counterparties. Occasionally, Contact Data and Client Data may also need to be disclosed to insurers.
Legal basis: For private client matters we use data in this way on the basis that it is necessary for fulfilling our client agreements for the provision of legal advice. In addition, and in particular for our business client matters, we use this data on the basis that it is in our legitimate interest to do so in order to perform our core function of providing legal advice.
Where we use special category data we will either only do so in the context of a particular legal issue, with the consent of the relevant person (or in the case of Child Data, the parent or guardian) or otherwise, because this is necessary for providing legal advice i.e. assisting our clients in establishing, exercising or defending legal claims.
In some cases, we may use personal data to comply with a legal obligation on your behalf. For example, this might include disclosing your data to register a property purchase at HM Land Registry or registering a shareholding or appointment at Companies House.
Purpose 4: Regulatory compliance including money laundering avoidance checks
Data type: Schofield Sweeney LLP is regulated by the Solicitors Regulation Authority (SRA) and is required to comply with the rules specified by that body as well as rules relating to the avoidance of money laundering and other financial crime. We use Contact Data, some Third-Party Data and Client Data such as date of birth, passport and driving licence details to comply with those rules. Some of this is obtained from third party sources including information which is a matter of public record. We may also need to disclose information to our auditors which from time to time, may include Client Data and Contact Data.
Legal basis: This is necessary to ensure that we comply with the legal obligations which we are subject to in particular those we adhere to as a regulated body including regulations in relation to the proceeds of crime and money laundering avoidance, and the SRA Handbook.
Purpose 5: Managing non-client relationships
Data type: We use Third Party Data about suppliers, intermediaries and other professionals including investors, bankers, estate agents, patent and trade mark attorneys, legal and other professional advisors of counterparties, land agents, law cost draftsmen, legal Counsel and Counsel’s clerks, expert witnesses, mediators, costs consultants, surveyors and accountants. This usually only includes Contact Data in relation to those persons.
Legal basis: It is in our legitimate interests to use data for this purpose either in retaining services directly (such as with Counsel) or otherwise because it is for the benefit of our clients in connection with a matter. Using this data facilitates a proper working relationship with third party professionals. We also use some of this data for business development purposes.
Purpose 6: Marketing and business development
Data type: We may send to you, marketing communications such as information about our services, upcoming events and legal updates including by way of our e-newsletter. This use includes Contact Data and Marketing Data whether relating to our clients, professional advisors or other contacts. It may also include some Technical Data where we track user activity and engagement with marketing messages.
Legal basis: It is in our legitimate interests to use data in this way in order to develop our business, win new work and increase our profile. We include people in our marketing database where we have the appropriate consents to do so in accordance with the rules relating to marketing communications for example where we send out electronic marketing communications. We provide further information about this when data is collected such as on event feedback forms and on our online updates sign-up form.
You can ask us to stop sending marketing messages at any time by following the unsubscribe links or by contacting us at any time at firstname.lastname@example.org.
Purpose 7: Recruitment and work placements
Data types: We invite contact from people who are interested in applying for a position with us or who wish to gain work experience. This involves us using Contact Data and other information about experience and employment history to consider an application. People may occasionally provide us with special category data for this purpose for example, health information in order to facilitate an interview.
Lawful basis: We use this type of personal data where we have your consent to do so i.e. we will rely on the fact that you send this information to us as your agreement to us using it for this purpose.
Sources of personal data
Change of purpose
We will only use personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason. We may process personal data without your knowledge or consent, in compliance with the rules where required or as permitted by law.
If you do not provide personal data
Please note that if you do not provide the personal data we ask for, it may result in a delay in performance of, or may otherwise restrict our ability to perform, our services.
We do not routinely transfer data outside the EU. Occasionally, we deal with matters involving other jurisdictions and that may involve a transfer of personal data outside the EU though we will only do that with your consent in the context of a specific matter. For example, that may involve the transfer of data to lawyers in a different jurisdiction where those persons are subject to their own professional code of conduct.
As a law firm, data security is key and therefore, the security standards we apply to the information we handle (including personal data), are high. We take appropriate precautions and security measures to prevent personal data from being accidentally lost or used, accessed or disclosed in an unauthorised way. These measures include the use of technology but also include other organisational precautions such as the control of access to our offices via fob only access. We also limit access to personal data to those employees, agents, contractors and other persons who need it. We require persons only to use data in accordance with our instructions and to do so confidentially.
Our IT service providers have secure access to data although that access is strictly limited to where required for the provision of relevant services such as support and therefore, is occasional. We have contracts in place with those providers detailing confidentiality and security obligations.
We retain personal data for as long as needed to fulfil the purposes we collected it for, including to satisfy legal, accounting and reporting requirements. To determine retention periods, we consider the type of data and why we need it.
In particular, given that most personal data we hold is used in connection with the provision of legal advice and related tasks such as complying with our obligations in relation to money laundering avoidance checks, we take account of the nature of the matter in question and how long it is appropriate to retain data for. By way of example, it would be appropriate for us to retain personal data in connection with a wills and trusts matter for a longer period of time than in connection with some other types of legal matter such as an employment matter or property transaction. We also take account where relevant, of any practice notes as may be issued by the Law Society from time to time and information published by the SRA (including the SRA Handbook) given the regulated nature of our profession, as well as relevant statutory and other legal requirements and considerations.
In so far as the personal data pertaining to job applications is concerned, we typically retain that information for a period of 6 months from the date on which we receive the application, or for those invited for interview, for a period of 6 months from the date on which a decision is communicated. However, we retain the personal data of work experience and trainee solicitor applicants for longer periods, taking account of the length of those application procedures as a whole and the fact that typically, we invite applications for those roles several months in advance of start dates.
We review the personal data held in our marketing database so as to take account of any marketing preferences we may receive such that anyone from whom we receive an unsubscribe request, will be removed from that database. We also undertake a general review of the database approximately once annually as a way of ensuring that the personal data included in it, remains up to date.
The following summarises the rights of data subjects in the GDPR. Individuals may (depending on circumstances):
Note that there may be exceptions to certain rights in particular, taking account of the nature of our work. For example, litigation privilege and legal advice privilege may mean that certain data cannot be disclosed in response to a request.
Exercising your rights
Please contact us if you would like to exercise any of your rights of if you have any questions about this statement.
Address: GDPR Request, Church Bank House, Church Bank, Bradford, BD1 4DY.
Tel: 01274 306 000
You may complain to the ICO which is the UK supervisory authority for data protection issues (www.ico.org.uk) though to allow us to assist, we would ask that you contact us in the first instance.
No fee is payable to access your personal data (or to exercise any other right). However, we may charge a reasonable fee or refuse to deal with a request if it is unfounded or excessive.
We may need information to clarify a request or help us confirm your identity and ensure your ability to exercise rights. This is a security measure to ensure personal data is not incorrectly disclosed. We seek to respond to all legitimate requests within one month. Occasionally, it may take longer if your request is complex or requests are numerous.
It is important that the personal data we hold is accurate. Please tell us if your data changes. If you provide data to us about another person, such as a colleague or a business partner, you should ensure that you have their consent if appropriate, or other necessary authority, to pass those details on and for us to use them in accordance with this statement. You should also make sure that you bring this statement to their attention.
Third-party links and cookies
Our website includes links to third-party sites and applications including Twitter and Linkedin. Clicking links or enabling applications may allow third parties to collect or share data about you. You should read policies and other statements on other websites carefully. We also operate cookies on our website and information about that is also provided separately in our Cookies Policy.
25 May 2018