This Policy was last updated on: 30 January 2023

Introduction

In the course of our acting for you, we may receive information relating to you, your directors,  shareholders, beneficial owners, employees, agents, associates, family members and other  individuals that you deal with or have personal data about. In this Policy, we refer to this information  as “personal data”.

This Policy sets out the basis on which we will process this personal data. Please read the Policy  carefully to understand our practices regarding personal data and how we will use it.

About Fox Williams LLP

The controller in respect of personal data is Fox Williams LLP, a limited liability partnership  registered in England and Wales under number OC320160. Our registered office is at 10 Finsbury  Square, London, EC2A 1AF.

Fox Williams LLP is registered with the Information Commissioner’s Office under registration number  Z9541811. Fox Williams LLP is authorised and regulated by The Solicitors Regulation Authority.

References in this Policy to “FW”, “we”, “our” and “us” are references to Fox Williams LLP.

Contacting us

We are not required to appoint a formal Data Protection Officer under data protection laws.  However, our Privacy Manager is Nigel Miller.

If you have any questions about this Policy or your information, or to exercise any of your rights as  described in this Policy or under applicable data protection laws, you can contact us as follows:

By post:

Privacy Manager (Nigel Miller)

Fox Williams LLP, 10 Finsbury Square, London EC2A 1AF

By email: privacy@foxwilliams.com

By telephone: +44 (0)20 7628 2000 

Data protection principles

Anyone processing personal data must comply with the principles of processing personal data as  follows:

  • Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a  transparent manner.
  • Purpose limitation – data must be collected for specified, explicit and legitimate purposes and  not further processed in a manner that is incompatible with those purposes.
  • Data minimization – data must be adequate, relevant and limited to what is necessary in  relation to the purposes for which they are processed.
  • Accuracy – data must be accurate and, where necessary, kept up to date.
  • Storage limitation – data must be kept in a form which permits identification of data subjects  for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and confidentiality – data must be processed in a manner that ensures appropriate  security of the personal data, including protection against unauthorised or unlawful processing  and against accidental loss, destruction or damage by using appropriate technical or  organisational measures.

This Policy describes the personal data that we collect and explains how we comply with these  principles.

Information we collect

We collect the personal data as necessary to enable us to carry out your instructions, to manage and  operate our business and to comply with our legal and regulatory obligations.

The personal data that we may collect will depend on why you have instructed us, and may comprise  the following:

Contact data: your name, home and business address, telephone numbers and email address.

Identity data: Information to enable us to check and verify your identity including your date of birth,  copies of passport, national identity card, driving licence, utility bills, bank statements and similar  documents.

Financial data: information to enable us to undertake a credit or other financial checks on you;  financial details so far as relevant to your instructions (e.g. the source of your funds if you are  instructing on a purchase transaction); your bank and/or building society details.

Matter data: Information relating to the matter in which you are seeking our advice or  representation, including personal data contained in emails, correspondence and other documents  which you may provide to us; data relating to criminal convictions and offences.

Biographical data: your nationality and immigration status and information from related  documents, such as your passport or other identification, and immigration information (e.g. if you  instruct us on an immigration matter); details of your spouse/partner and dependants or other  family members; your racial or ethnic origin, gender and sexual orientation, religious or similar  beliefs (e.g. if you instruct us on discrimination claim); your eye colour or your parents’ names (e.g. if  you instruct us to incorporate a company for you).

Professional data: your employment status and details including salary and benefits and pension  arrangements; your employment records including, where relevant, records relating to sickness and  attendance, performance, disciplinary, conduct and grievances, (e.g. if you instruct us on matter  related to your employment).

Technical data: information we obtain from our IT and communications monitoring; information  from cookies on our website and similar tracking technologies used in our marketing emails;  information from building access controls.

Third party sourced data: information from Companies Houser; information from your professional  online presence (e.g. website, LinkedIn profile).

We collect and use this personal data to provide legal services. If you do not provide any personal  data that we ask for and that we need to enable us to carry out your instructions, it may delay or  prevent us from providing our services to you.

Where the personal data relates to your directors, shareholders, beneficial owners, employees,  agents, associates, family members or other individuals that you deal with or have personal data  about, you confirm that your provision of this personal data to us is lawful under data protection  laws.

How your information is collected

We collect most of this information from you directly. However, we also collect information:  • from publicly accessible sources, (for example, Companies House);

  • directly from a third party (for example, client due diligence providers or credit reference  agencies);
  • from a third party with your consent (for example, your bank or building society, another  financial institution or advisor; or consultants and other professionals you may engage);
  • from your employer, professional body or pension administrators;
  • via our website – we use cookies on our website and similar tracking devices in our marketing  emails (for more information on our use of cookies and similar tracking devices, please see our  cookie policy);
  • via our information technology systems, including our case management, document  management and time recording systems, building access control systems and reception logs.

How and why we use your information

Our use of your personal data is subject to your instructions, data protection laws and our  professional duty of confidentiality.

We will only process your personal data if we have a legal basis for doing so, including where:

  • processing is necessary for the performance of our contractual engagement with you: this  relates to all personal data we reasonably need to process to carry out your instructions;
  • processing is necessary for compliance with a legal obligation to which we are subject: this  relates to our legal obligations in relation to, for example, anti-money laundering; and
  • processing is necessary for the purposes of the legitimate interests pursued by us, our client or  by a third party, except where such interests are overridden by your interests or fundamental  rights and freedoms: this relates to our processing for marketing purposes, for our  management, accounting and administration purposes and for data security.

The table below further explains the purposes for which FW will use your personal data (excluding  special categories of personal data) and our legal basis for doing so:

Type of information Purpose for which we will process the information Legal basis for the processing
Contact data
Identity data
Financial data
Matter data
Biographical data
Professional data
Technical data
Third party sourced data
To provide legal professional services to you in connection with your matters For the performance of our contract with you or to take steps at your request before entering into a contract
Contact data
Identity data
Financial data
Matter data
Biographical data
Professional data
Technical data
Third party sourced data
To carry out associated administration, record keeping and accounting in connection with your matters and other processing necessary to comply with our professional, legal and regulatory obligations For the performance of our contract with you or to take steps at your request before entering into a contract

To comply with our legal and regulatory obligations

Contact data
Identity data
Financial data
Conducting checks to identify our clients and verify their identity

To comply with our anti-money laundering requirements

To comply with our legal and regulatory obligations
Contact data
Identity data
Financial data
Matter data
Biographical data
Professional data
Technical data
Third party sourced data
To comply with our internal business policies

For operational reasons, such as improving efficiency, training and quality control

It is in our legitimate interests or those of a third party to adhere to our own internal procedures so that we can deliver an efficient service to you. We consider this use to be necessary for our legitimate interests and proportionate
Contact data
Identity data
Financial data
Matter data
Biographical data
Professional data
Technical data
Third party sourced data
To address any complaints or claims

To enforce legal rights or defend or undertake legal proceedings

For our legitimate interests (i.e. to protect our business, interests and rights)

Where necessary for the establishment, exercise or defence of legal claims

Contact data
Technical data
Protecting the security of our systems and data used to provide services

To prevent unauthorised access and modifications to our systems

It is in our legitimate interests to prevent and detect criminal activity that could be damaging for Fox Williams and for you

To comply with our legal and regulatory obligations

Contact data
Professional data
Technical data
Third party sourced data
For marketing our services It is in our legitimate interests to market our services. We consider this use to be proportionate and will not be prejudicial or detrimental to you

In some cases, we may rely on your consent (e.g. for the use of non-essential cookies or similar tracking technologies we use within our marketing emails to track delivery and log when emails are opened)

Contact data
Identity data
Financial data
To carry out credit reference checks It is in our legitimate interests to carry out credit control and to ensure our clients are likely to be able to pay for our services
Contact data
Matter data
External audits and quality checks (e.g. for our Investors in People accreditation and the audit of our accounts) It is in our legitimate interests to maintain our accreditations so we can demonstrate we operate at the highest standards

To comply with our legal and regulatory obligations

Where we rely on legitimate interests as a lawful basis, we will carry out a balancing test to ensure  that your interests, rights and freedoms do not override our legitimate interests. If you want further  information on the balancing test we have carried out, you can request this from our Privacy  Manager.

Where you provide consent, you can withdraw your consent at any time and free of charge, but  without affecting the lawfulness of processing based on consent before its withdrawal.

FW will only use your personal data for the purposes for which we collected it, unless we reasonably  consider that we need to use it for another reason and that reason is compatible with the original  purpose. If we need to use your personal data for an unrelated purpose, we will notify you in a

timely manner (unless otherwise required by applicable law) and we will explain the legal basis  which allows us to do so.

Keeping your information up to date

To help us ensure that your information is up to date, please let us know if any of your personal  details change. You can update your details by contacting our Privacy Manager as provided in  “Contacting us” above.

Data processing

In most cases, FW acts as a controller in relation to the processing of personal data as set in this  Policy. However, in some circumstances we may process personal data on our client’s behalf as a  processor for the purposes of data protection laws. Where we process any personal data on your  behalf as your processor, the terms set out in our data processing addendum, a copy of which is  available on request from our Privacy Manager, shall apply.

Special categories of personal data

Some of the personal data which you provide to us, or which we may receive, will be special  categories of personal data. This is defined by data protection laws to include personal data  revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning  health. We process these special categories of personal data on the basis of one or more of the  following:

  • where you have given explicit consent to the processing of the personal data for one or more  specified purposes;
  • where the processing is necessary for the establishment, exercise or defence of legal claims;
  • where the processing is necessary for reasons of substantial public interest, in accordance with  applicable law.

Data relating to criminal convictions & offences

We collect and store personal data relating to criminal convictions and offences (including the  alleged commission of offences) only where necessary for the purposes of:

  • the prevention or detection of an unlawful act and is necessary for reasons of substantial  public interest;
  • providing or obtaining legal advice; or
  • establishing, exercising or defending legal rights.

Marketing

We use your personal data to notify you by email, telephone, post or SMS about important legal  developments and services which we think you may find valuable, by sending you newsletters,  invitations to seminars and similar marketing.

We do not normally need your consent to send you marketing information. We have a legitimate  interest in using your personal data for marketing purposes (see above ‘How and why we use your  information’).

You have the right to opt out of receiving direct marketing communications from us at any time by  contacting our Privacy Manager using the contact details set out above; or using the “unsubscribe”  link in emails.

Email monitoring

Email which you sendThe table below further explains the purposes for which FW will use your personal data (excluding  special categories of personal data) and our legal basis for doing so: to us or which we send to you may be monitored by Fox Williams to ensure  compliance with professional standards and our internal compliance policies. Monitoring is not  continuous or routine, but may be undertaken on the instruction of a partner where there are  reasonable grounds for doing so.

Third party processors

Our information technology systems are operated by Fox Williams but some data processing is  carried out on our behalf by a third party (see below Disclosure of Personal data). Details regarding  these third party processors can be obtained from our Privacy Manager whose details are given  above.

Where processing of personal data is carried out by a third party processor on our behalf, we  endeavour to ensure that the processor provides sufficient guarantees to implement appropriate  technical and organisational measures so that processing will meet the requirements of data  protection laws.

Disclosure of personal data

Personal data will be retained by us and will not be shared, transferred or otherwise disclosed to any  third party, save as set out in this Policy.

If we are working with other parties and professional advisers in relation to any matter handled by  us on your behalf then, unless you instruct us otherwise, we shall assume that we may disclose your  information to them.

We disclose and share personal data:

  • with FW partners, staff and consultants;
  • to other professional advisers acting on your behalf such as counsel, lawyers in another  jurisdiction, your accountant, surveyor or financial adviser;
  • to our bankers for the purposes of making payments to you or on your behalf and whose  privacy notice is available here: https://www.natwest.com/corporates/your-privacy.html;
  • to our professional indemnity insurers or brokers, and our auditors, or risk managers who we  or they may appoint;
  • with third party processors, service providers, representatives and agents that we use to make  our business more efficient, including for our IT services, data storage/back-up and marketing;
  • with debt collection lawyers or agencies;
  • if we, acting in good faith, consider disclosure to be required by law or the rules of any  applicable governmental, regulatory or professional body.

Certain laws (for example, those relating to anti-money laundering and tax fraud) give power to  authorities such as the police or the tax authorities to inspect clients’ information and take copies of

documents. It is possible that, at any time, we may be requested by those authorities to provide  them with access to your information in connection with the work we have done for you. If this  happens, we will comply with the request only to the extent that we are bound by law and, in so far  as it is allowed, we will notify you of the request or provision of information.

In certain circumstances, solicitors are required by statute to make a disclosure to the National  Crime Agency where they know or suspect that a transaction may involve a crime including money  laundering, drug trafficking or terrorist financing. If we make a disclosure in relation to your matter,  we may not be able to tell you that a disclosure has been made.

We may transfer personal data to a successor firm or company which acquires the legal practice  carried on by us. If this happens, we shall ensure that you are notified of the transfer and we shall  secure a commitment from the firm or company to which we transfer personal data to comply with  applicable data protection laws.

International transfers

To deliver services to you, it is sometimes necessary for us to transfer and store your personal data  outside the UK or the European Economic Area (“EEA”) as follows:

  • with our service providers located outside the UK or the EEA;
  • if you are based outside the UK or the EEA;
  • where there is an international aspect to the matter on which we have been instructed.

Where personal data is transferred to and stored outside the UK or the EEA, we take steps to  provide appropriate safeguards to protect your personal data, including:

  • transferring your personal data to a country, territory, sector or international organisation  which the UK Government has determined ensures an adequate level of protection, as  permitted under UK GDPR;
  • entering into an international data transfer agreement in a form approved by the UK  Government, obliging recipients to protect your personal data as permitted under UK GDPR;
  • in the absence of an adequacy decision or of appropriate safeguards as referenced above, we  will only transfer personal data to a third country where permitted under UK GDPR, including  where the transfer is necessary for the establishment, exercise or defence of legal claims.

If you want further information on the specific mechanism used by us when transferring your  personal data out of the UK or the EEA, please contact our Privacy Manager using the details set out  above.

Security of your information

We use industry standard technical and organisational measures to protect information from the  point of collection to the point of destruction.

Unfortunately, the transmission of information via the internet (including unencrypted email) is not  completely secure. Although we will do our best to protect your personal data, we cannot guarantee  the security of your data transmitted over the internet.

How long we keep your information

Personal data received by us will only be retained for as long as necessary to fulfil our engagement.  Following the end of our engagement we will retain your information:

  • to enable us to respond to any queries, complaints or claims made by you or on your behalf;  and
  • to the extent permitted for legal, regulatory, fraud and other financial crime prevention and  legitimate business purposes.

After this period, when it is no longer necessary to retain your personal data, we will securely delete  or anonymise it in accordance with our Data Retention Policy. Further details regarding our data  retention policy can be obtained from our Privacy Manager whose details are given above.

Your rights

You have various rights in relation to your personal data. In particular, you have the following rights:

Access to your information
(also known as a “data  subject access request”)

You have the right to access information which we hold about you. If  you so request, we shall provide you with a copy of your personal  data which we are processing.

We may refuse to comply with a subject access request if the request  is: manifestly unfounded or excessive or repetitive in nature; in  respect of information in respect of which a claim to legal  professional privilege could be maintained in legal proceedings;  and/or in respect of information in respect of which we owe a duty of  confidentiality to our client.

Rectification

You have the right to have inaccurate personal data rectified, or  completed if it is incomplete. We may refuse to comply with a request  for rectification if the request is manifestly unfounded or excessive or repetitive.

Erasure (also known as  the right to be forgotten) 

In certain circumstances, you have the right to request the erasure of  your personal data.

Restriction

In certain circumstances, you have the right to restrict the processing  of your personal data.

Data portability

In certain circumstances, you have the right to receive your personal  data in a structured and commonly used format so that it can be transferred to another controller.

Right to object 

You have the right to object at any time to our processing of your  personal data for direct marketing purposes.

You also have the right to object, on grounds relating to your particular situation, to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Please note that the above rights are not absolute, and we may be entitled to refuse requests,  wholly or partly, where exceptions under applicable law apply. We may refuse a request for erasure,  for example, where the processing is necessary to comply with a legal obligation or necessary for the  establishment, exercise or defence of legal claims.

Exercising your rights

You can exercise any of your rights as described in this Policy and under data protection laws by  contacting our Privacy Manager.

Save as described in this Policy or provided under applicable data protection laws, there is no charge  for the exercise of your legal rights. However, if your requests are manifestly unfounded or  excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable  fee taking into account the administrative costs of providing the information or taking the action  requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we  may request additional information necessary to confirm your identity.

Complaints

If you have concerns about how we are processing your personal data, you can contact the partner  you usually deal with at Fox Williams, or our Privacy Manager using the contact details set out  above.

We ask that you please attempt to resolve any issues with us first, although you also have the right  to make a complaint to the Information Commissioner’s Office who can be contacted at  https://ico.org.uk or by telephone on 0303 123 1113.

Changes to this policy

We may change this Policy from time to time. The current version of this Policy will always be  available from us in hard copy or on our website at https://www.foxwilliams.com/about-us/legal notice/client-data-protection-statement  

When we make changes to this Policy, we will amend the revision date at the top of this page. The  modified Policy will apply from that date.

Search

Search

Portfolio Close
Portfolio list
Title CV Email

Remove All

Download