Protecting Your Privacy
Who we are
Fishman Brand Stone is a firm of solicitors practising in England and Wales and is a ‘controller’ under the General Data Protection Regulation 2016/679, the Data Protection Act 2018 and all relevant EU and UK data protection legislation (“GDPR”). Fishman Brand Stone is also regulated by the Solicitors Regulation Authority (registered number 47600).
Our collection and use of your personal information on our website
We collect personal information about you when you access our website or contact us via our website.
We collect this personal information from you either directly, such as when you contact us via our website or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on the particular activities carried out through our website. This information includes your name, address and contact details.
We use this personal information to verify your identity and to provide services to you
This website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website. Fishman Brand Stone uses performance (or technical) cookies to collect information about how visitors use our website when they browse it – whether it is a new or returning visitor, which pages are viewed, how often and most frequently etc. These cookies do not collect any information which uniquely identifies you specifically – all data is aggregated and anonymous.
Data protection principles
When processing personal data we will ensure
- it is processed lawfully, fairly and in a transparent manner
- it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- it is all adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
- it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
- it is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
- it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- ensure that the legal basis for processing personal data is identified in advance and all processing complies with the law
- not do anything with your data that you would not expect given the content of this policy and the fair processing or privacy notice
- ensure that appropriate privacy instructions and notices are in place advising staff and others how and why their data is being processed, and, in particular, advising those parties of their rights
- only collect and process the personal data that we need for purposes we have identified in advance
- ensure that, as far as possible, the personal data we hold is accurate, and a system is in place for ensuring that it is kept up to date as far as possible
- only hold onto personal data for as long as it is needed, after which time we will securely erase or delete the personal data
- ensure the appropriate security measures are in place to ensure that personal data can only be accessed by those who need to access it and that it is held and transferred securely
We will ensure that all staff who handle personal data are aware of their responsibilities under this policy and other relevant data protection and information security policies, and that they are adequately trained and supervised
Breaching this policy may result in disciplinary action for misconduct, including dismissal. Obtaining (including accessing) or disclosing personal data in breach of our data protection policies may also be a criminal offence
Whose data do we hold?
We may hold data about the following people:
- Customers and clients
- Suppliers and service providers
- Advisers, consultants and other professional experts
- Complainants and enquirers
What data will we collect?
We will only collect information from you that is relevant to the matter that we are dealing with. In particular we may collect the following information from you which is defined as ‘personal data’:
- Personal details
- Family, lifestyle and social circumstances
- Financial details
- Business activities of the person whose details we are processing
We may also collect information that is referred to as being in a ‘special category’. This could include:
- Physical or mental health details
- Racial or ethnic origin
- Religious beliefs or other beliefs of a similar nature
- Criminal convictions
- Sexual orientation
- Political opinions
- trade union membership
We process special category data of clients and third parties and is necessary to provide legal services.
We process special category data of employees as necessary to comply with employment and social security law
Basis for processing
The basis on which we process your personal data is one or more of the following:
- It is necessary for the performance of our contract with you
- It is necessary for us to comply with a legal obligation
- It is in our legitimate interests to do so
- You have given us your consent (this can be withdrawn at any time by advising our data protection officer)
How will we use your data?
We may use your information for the following purposes:
- Provision of legal services including advising and acting on behalf of clients
- Promotion of our services
- Provision of education and training to customers and clients
- Maintaining accounts and records
- Supporting and managing staff
Who will we share your information with?
Under our Code of Conduct there are very strict rules about who we can share your information with and this will normally be limited to other people who will assist in the proper performance of our contract with you. This may include:
- Medical Experts
- Private investigators
- Healthcare professionals, social and welfare organisations
- Courts, tribunals and government departments
Where you authorise us we may also disclose your information to your family, associates or representatives and we may also disclose your information to debt collection agencies if you do not pay our bills.
How long will we keep your information for?
- We will normally keep your information throughout the period of time that we do work for you and afterwards for a period of six years as we are required to do by law and also by the regulations that apply to us.
- In some cases (for example where we have prepared a will for you) we may retain your information for a longer period and we will always advise you of this at the time
Transfers to third countries
- We may from time to time transfer your personal data to a country outside of the EEA.
- Normally this will occur only in connection with the performance of your contract with us or for the exercise or defence of legal claims on your behalf
- Sometimes we may transfer for other reasons and we will ensure that appropriate safeguards are in place at all times
- We shall ensure that all information that you provide to us is kept secure using appropriate technical and organisational measures
- In the event of a personal data breach we have in place procedures to ensure that the effects of such breach are minimised and shall liaise with the ICO and with you as appropriate.
- More information is available from the data protection officer
What rights do you have?
You have the right to request information about how personal data is being processed, including whether personal data is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:
- the purpose of the processing
- the categories of personal data
- the recipients to whom data has been disclosed or which will be disclosed
- the retention period
- the right to lodge a complaint with the Information Commissioner’s Office
- the source of the information if not collected direct from you, and
- the existence of any automated decision-making
Right of access
You have the right to see the information we hold about you
To access this you need to provide a request in writing to our data protection officer, together with proof of identity
We will usually process your request free of charge and within 30 days however we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex
You have the right to request us to rectify inaccurate personal data
Right to erasure
You have a right to ask us to erase your personal data in certain cases (details may be found in Article 17 of the GDPR) but only where
- the data is no longer necessary in relation to the purpose for which it was collected, or
- where consent is withdrawn, or
- where there is no legal basis for the processing, or
- there is a legal obligation to delete data
We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims
To exercise your right to erasure please contact our data protection officer
Restriction of processing
You have the right to ask the sudden processing to be restricted in the following circumstances:
- if the accuracy of the personal data is being contested, or
- if our processing is unlawful but you do not want it erased, or
- if the data is no longer needed for the purpose of the processing but it is required by you for the establishment, exercise or defence of legal claims, or
- if you have objected to the processing, pending verification of that objection
You have the right to receive a copy of personal data which you have provided and which is processed by automated means in a format which will allow the transfer of the data to another data controller. This would only apply if we were processing the data using consent on the basis of a contract
Objecting to processing
You have the right to object to the processing of personal data relying on the legitimate interests of processing condition unless we can demonstrate compelling legitimate grounds for the processing which override your interests or for the establishment, exercise or defence of legal claims
Who can you complain to?
The partners of Fishman Brand Stone take ultimate responsibility for data protection.
If you have any concerns or wish to exercise any of your rights under GDPR you may address those concerns to Robert Brand, who is our data protection lead, at our office address
If your complaint remains unresolved then you can contact the Information Commissioner’s Office, details available at www.ico.org.uk
Monitoring and review
This policy was last updated on Saturday, 28 March 2020 and shall be regularly monitored and reviewed, at least every two years