We’re delighted you’re browsing our website, www.fairsquareLLP.com, and we hope you enjoy your stay. This privacy notice sets out how we use your personal data. Your personal data is data that can be used to identify you, either by itself or when combined with other data available to us. The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data. Fairsquare LLP is a data controller within the meaning of the GDPR and we process personal data.
What personal data do we collect?
We collect the following types of personal data from or about you as a client or potential client:
- If you sign up to our blog mailing list, your name and email address;
- If you submit an enquiry to us, your name, email address, mobile or telephone number, Skype name, and any other information and personal details you decide to and/or have authority to send to us on behalf of you and your business and team members;
- If you visit our website, the data transmitted from your browser, including your IP address, the date and time of your visit, the pages accessed, access/HTTP status code, your browser, operating system and interface, referral source, length of visit, page views, website navigation, language and version of browser software and geographical location;
- If you engage us to provide legal services, your name, email address, address, mobile or telephone number, taxpayer reference number e.g. NI number, Skype name, and any other information and personal details you decide to and/or have authority to send to us on behalf of you and your business and team members, including date of birth, passport and/or driving licence numbers for Know Your Client (“KYC”) purposes.
We tell you if providing some data is optional, including if we need your consent to process it. In all other cases, you must provide your personal data in order for us to provide you with the information and/or services you request.
Why do we process your personal data?
We process personal data we collect for the following purposes and on the following legal bases:
- to operate our website and provide you with access to pages you wish to access;
- if you signed up, i.e. opted in, to our blog mailing list, to send you marketing communications with information on Slicing Pie and UK startups, including the latest news on getting Slicing Pie to work in the UK, occasional musings on being grunts, and changes in the law that may affect you;
- to consider and respond to your enquiry;
- to comply with professional obligations to which we are subject as solicitors regulated by the Solicitors Regulation Authority of England and Wales;
- to enable us to supply legal professional services to you as our client;
- to fulfil our obligations under relevant laws in force from time to time (e.g. for KYC purposes, the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (“MLR 2017”));
- to help us manage our practice, invoice you for our services, keep accurate client records, and generally administer and take care of our relationship with you; and
- to use in the investigation, resolution and/or defence of potential complaints, disciplinary proceedings and legal proceedings.
You are free at any time to change your mind and withdraw your consent. However, if you do so then we will not be able to help, and if you are already a client, we may need to cease to act.
A cookie is a small text file of letters and numbers sent by a web server to a web browser and stored by the browser. This information is sent back by the browser to the server each time the browser requests a page from the server. This enables the web server to retain things like user preferences, store information for shopping carts, and identify a web browser in order to provide anonymised tracking data. Cookies come in two types: “session” cookies and “persistent” cookies. Session cookies are deleted from your computer when you close your browser. Persistent cookies remain stored on your computer until deleted, or until they reach a specified expiry date.
Generally, cookies enhance your browsing experience. However, you can control and manage cookies on this website and on others if you wish to. The most effective way to do this is by changing your cookie preference settings in your browser. You can get guidance on how to do this by looking at the Help section of your browser. Disabling essential cookies may however affect your ability to use the entire functionality of a website.
Third parties with whom we may share personal data
We do not sell personal data. We keep your data confidential and provide it to our third party service providers or agents and to other professional advisors only where you so instruct. In order to provide services to you, we may share your personal data with the third parties identified below in order to comply with our legal obligations, including our legal obligations to you:
- subcontractors who help us provide our services and/or provide professional services to us, including for the requirements of MLR 2017 (or any similar legislation);
- any third parties with whom you require or permit us to correspond;
- professional indemnity insurers;
- our regulator, the Solicitors Regulation Authority, and our professional body, the Law Society in relation to practice assurance, compliance, and/or the requirements of MLR 2017 (or any similar legislation).
If the law allows or requires us to do so, we may also share your personal data with:
- the police and law enforcement agencies
- courts and tribunals
- the Information Commissioner’s Office (“ICO”)
- HM Revenue & Customs (“HMRC”).
If you ask us not to share your personal data with such third parties, we may be unable to act or may need to cease to act.
Transfers of personal data outside the EEA
We process your personal data primarily within the UK. We also use GDPR compliant international services located outside the EU, for example, data processors such as Google Analytics, and backup services where files are securely encrypted. In accordance with our regulatory obligations, when selecting such services, we consider factors such as confidentiality, security, server stability, provider continuity, and whether they comply with other data protection standards including ISO 27001, ISO 27018 and the EU-US Privacy Shield Framework.
Retention of personal data
When acting as a data controller and in accordance with recognised good practice within the legal sector we retain all of our records relating to you as follows (and if more than one category applies to the same personal data, then we retain for the period of the longest applicable category):
- Retention in case of queries: We retain your personal data as long as necessary to deal with your queries.
- Retention in accordance with legal and regulatory requirements: We retain your personal data after your enquiry or matter has been closed or has otherwise come to an end, based on our legal and regulatory requirements.
- Retention in case of claims: We retain your personal data for as long as you might legally bring claims against us.
For clients, our contractual terms provide for the destruction of client files after 6 years (or for certain types of files, such longer periods as may be required in accordance with legal and regulatory requirements and/or our professional rules). Further information on our document retention policy is set out in our Terms of Business, which are available on request.
Requesting personal data we hold about you (subject access requests)
You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”).
Please provide all SARs in writing marked for the attention of the Data Protection Officer, Fairsquare LLP.
To help us provide the information you want and deal with your request more quickly, you should include enough details to enable us to verify your identity and locate the relevant information. For example, you should tell us:
- your name and current address
- the name(s) of the business(es) you originally contacted us about
- the date(s) you originally contacted or engaged us
- any previous or other name(s) you used at that time
- any reference number(s) that we may have given you
- your date of birth
- your national insurance number
- what type of information you want to know.
The DPA 2018 requires that we comply with a SAR promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR (e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request).
We will not charge you for dealing with a SAR.
You can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to respond to a SAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and/or receive our reply.
Where you are a data controller and we act for you as a data processor, we will assist you with SARs on the same basis as is set out above.
Putting things right (the right to rectification)
You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it.
Deleting your records (the right to erasure)
In certain circumstances you have a right to have the personal data that we hold about you erased. Further information is available on the ICO website. Please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure. If applicable, we will supply you with the reasons for refusing your request.
The right to restrict processing and the right to object
In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website. Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action, if any, is appropriate.
Obtaining and reusing personal data (the right to data portability)
In certain circumstances you have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional adviser. Further information is available on the ICO website.
The right to data portability only applies:
- to personal data an individual has provided to a controller;
- where the processing is based on the individual’s consent or for the performance of a contract; and
- when processing is carried out by automated means.
We will respond to any data portability requests made to us without undue delay and within one month. We may extend the period by a further two months where the request is complex or a number of requests are received but if we do, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
We do not use or intend to use automated decision-making in relation to your personal data.
Withdrawal of consent
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.
- the withdrawal of consent does not affect the lawfulness of earlier processing;
- if you withdraw your consent, we may not be able to continue to provide services to you;
- even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data).
We’re Fairsquare LLP, a law firm authorised and regulated by the Solicitors Regulation Authority with SRA no. 626209, and a limited liability partnership incorporated in England and Wales with no. OC501452. We are registered with the ICO with data protection number ZA174083. When we say ‘we’, ‘us’ or ‘Fairsquare’, that’s because that’s who we are, and we own and run www.fairsquareLLP.com. Our contact details are:
Fairsquare LLP, 21 Longdown Lane North, Epsom, Surrey KT17 3HY
If you have requested details of the information we hold about you and you are not happy with our response, or you think we have not complied with the GDPR or DPA 2018 in some other way, you can make a complaint to us. Please send any complaints to the Data Protection Officer at the contact details above. If you are not happy with our response, you have a right to lodge a complaint with the ICO.