Gilbert Stephens LLP is a Limited Liability Partnership incorporated in England and Wales (registered number OC352723) and is a “controller” under the General Data Protection Regulation.
You can contact us:-
- By mail at our registered office which is at is at 15-17 Southernhay East, Exeter EX1 1QE
- By telephone 01392 424242 (ask for the Data Protection Officer)
- By e mail
Whose data do we hold?
We may hold data about the following people:
- Suppliers and service providers
- Advisers, consultants and other professional experts
- Prospective clients
What data will we collect?
We will only collect information from you that is relevant to the matter that we are dealing with. In particular, we may collect the following information from you, which is defined as “personal data”:
- Personal details
- Family lifestyle and social circumstances
- Financial details
- Business activities of the person whose details we are processing
We may also collect sensitive information that is referred to as being in a “special category”. This could include:
- Race or ethnic origin
- Religious beliefs or other beliefs of a similar nature
- Criminal convictions
- Sexual orientation
- Physical or mental health details
Basis for processing
The basis on which we process your personal data is one or more of the following:
- It is necessary for the performance of our contract with you
- It is necessary for us to comply with a legal obligation
- It is in our legitimate interests to do so
- You have given us your consent (this can be withdrawn at any time by advising our Data Protection Officer)
How will we use your data
We may use your information for the following purposes:
- Provision of legal services, including advising and acting on behalf of clients
- Promotion of our services
- Provision of education and training to clients and employees
- Maintaining accounts and records
- Supporting managing staff
Who will we share your information with?
Under our Code of Conduct, there are very strict rules about who we can share your information with and this will normally be limited to other people who will assist with your matter. These may include:
- Medical experts
- Health Care Professionals
- Social and Welfare organisations
- Courts and Tribunals
- Private Investigators
- Credit Reference Agencies
Sometimes we use third party service providers (data processors) to supply and support our services to you. We have contracts in place with our data processors which ensure that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us and will hold it securely and retain it only for the period we instruct.
Where you authorise us to do so, we may also disclose your information to family, associates or representatives and may also disclose your information to debt collection agencies if you do not pay our bills.
How long will we keep your information for?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When it is no longer necessary to retain your personal information, we will delete or anonymise it. In some circumstances we may anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of it, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal or regulatory requirements.
If you were an existing client as at 1st May 2018, and have been receiving information about our legal services (marketing) from us, we will continue to contact you by postal and electronic means (e-mail) with information about our legal services, unless you ask us not to do so by contacting .
If you become a client after 1st May 2018, we will contact you by post or electronic means with information about our legal services, but only if you have consented to this. You can choose to not receive these types of communication by contacting .
Transfers to third countries
We may from time to time transfer your data to a country outside of the European Economic Area. Normally this would be necessary for the performance of your contract with us, or for the exercise or defence of a legal claim on your behalf. Sometimes we may transfer data for other reasons and we will ensure that appropriate safeguards are in place at all times.
We will ensure that all of the information you provide us with is kept secure using appropriate technical and organisational measures. We hold the Law Society Lexcel Practice Management Standard. In the event of a personal data breach we have in place procedures to ensure the effects of such a breach are minimised and will liaise with the Information Commissioner’s Office and with you as appropriate. More information is available from the Data Protection Officer.
What rights do you have?
You have the following rights under the GDPR:-
- A right to be informed about how we process your data
- A right of access – you are entitled to find out what information we hold about you and why- see below
- A right to rectification so that we must correct or update your details
- A right to erasure – see below
- A right to restrict processing
- A right to data portability enabling you to obtain and re-use the personal data you have given to us
- A right to object to us processing your data for marketing or profiling purposes
- Rights concerning automated decision making and profiling
Right of access
You have a right to see the information we hold about you. To access this you need to provide a request to our Data Protection Officer, together with proof of identity. We will usually process your request free of charge and within 30 days. However, we reserve the right to charge a reasonable administration fee and to extend the period of time by a further 2 months if the request is manifested and founded or vexatious and/or is very complex. Further details are available in our Data Subject Access Policy which is available on request from the Data Protection Officer.
Right to erasure
You have a right to ask us to erase your personal data in certain cases. Details can be found in Article 17 of the GDPR. We will deal with your request free of charge and within 30 days, but reserve the right to refuse to erase information that we are required to retain by the law or regulation or that is required to exercise or defend legal claims. To exercise your right to erasure please contact our Data Protection Officer.
Who you can complain to
If you are unhappy about how we are using your information or how we respond to your request then initially you should contact the Data Protection Officer. If your complaint remains unresolved then you can contact the Information Commissioner’s Office, contact details are available at www.ico.org.uk.
To find out more information about the General Data Protection Regulation and the way in which it is administered contact the Information Commissioner’s Office or online at www.ico.org.uk.