This Notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
WHAT WE NEED
Stephensons Solicitors LLP (“Stephensons”) will be what is known as the ‘data controller’ of the personal information you provide to us.
Under the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) there are two types of personal data (personal information) that you may provide to us:
- Personal Data: is the general information that you supply about yourself – such as your name, address, gender, date of birth, contact details etc.
- Sensitive Personal Data: is, by its nature, more sensitive information and may include your racial or ethnic origin, political opinions, philosophical views, religion, trade union membership, health data, sexual orientation etc.
WHY WE NEED IT
If you apply for a position with Stephensons we will use the information you provide to assist in the recruitment, selection and employment process. We will not collect any personal data we do not need.
WHAT WE DO WITH IT
All of the data (both personal and sensitive) will be obtained from yourself and will be processed (recorded, used, retained) for the purpose of our own internal use:
- To assist in the selection process for employment purposes
- For equal opportunity monitoring
- For personnel recording
WHO HAS ACCESS TO IT
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within Stephensons. However there may be circumstances where we do, in accordance with the law and/or other regulatory requirements, share your information with the following:
- We may pass your information to third party service providers for the purpose of processing your information on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and confidential.
- In line with our obligation to share anonymised diversity data with our regulator, we may pass your anonymised data to the Solicitors Regulation Authority (SRA).
- From time to time we may also provide named individuals within tender submissions.
- To comply with law or regulations.
- If there is an emergency and we think you or other people are at risk.
In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the cases we will contact you separately to ask for your consent which are free to withdraw at any time.
HOW DO WE PROTECT YOUR PERSONAL DATA
We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.
We have exceptional standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
We use computer safeguards such as firewalls and data encryption and annual penetration testing; and we enforce, where possible, physical access controls to our buildings and files to keep data safe.
HOW LONG WE KEEP IT FOR
Your personal information will be retained only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us.
WHAT ARE YOUR RIGHTS?
Under GDPR, you are entitled to access your personal data (otherwise known as a Subject Access Request). If you wish to make a request, please do so in writing addressed to our Data Protection Officer Ann Harrison.
Under GDPR, in addition to the ‘right of access’, you have the following rights:
- The right to be informed: which is fulfilled by way of this Privacy Notice and our transparent explanation as to how we use your personal data
- The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete
- The right to erasure (otherwise known as the ‘right to be forgotten’): you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
- Where the personal data is no longer necessary in regards to the purpose for which it was originally collected
- Where you withdraw consent
- Where you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal data was unlawfully processed
- The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right only applies in the following circumstances:
- An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse- we must stop processing in this context
- You must have an objection on grounds relating to your particular situation
- We must stop processing your personal data unless:
- We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
- The processing is for the establishment, exercise or defence of legal claims
- The right to restrict processing: you have the right to request that processing of your personal data stops; we can retain and store your data but not further process it. This right only applies in the following circumstances:
- Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of the data
- Where processing is unlawful and you oppose erasure and request restriction instead
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim
COMPLAINTS ABOUT THE USE OF PERSONAL DATA
Should you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Ann Harrison and you can contact them at email@example.com.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).