Our Privacy Policy

WHO WE ARE

Spearing Waite LLP is a limited liability partnership, registered in England and Wales. Its registration number is OC361998 and its Registered Office is at 34 Pocklingtons Walk, Leicester, LE1 6BU.

The expression “we”, where used in this Policy, means Spearing Waite LLP and the expressions “us” and “our” should be read accordingly.

ABOUT THIS PRIVACY POLICY

We are committed to protecting and respecting the privacy of clients and other individuals with whom it communicates. For the purposes of the relevant data protection legislation, including the General Data Protection Regulation, the “data controller” is Spearing Waite LLP.

This Privacy Policy sets out the basis on which we collect personal data (as defined below) from an individual and the way in which it will be processed by us. Please read this Privacy Policy carefully to understand our policy and practices regarding personal data and how we shall treat it.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice that we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your personal data. This Policy supplements any other such notices and is not intended to override them.

If you have any questions about this Policy, or if you wish to send us a request to exercise any of your legal rights (which are described elsewhere in this Privacy Policy), please contact us at compliance@spearingwaite.com or by telephoning 0116 262 4225.

PURPOSES FOR WHICH WE COLLECT INFORMATION

 We shall only use an individual’s personal data to the extent that the law allows us to do so. Most commonly, we will use personal data in the following circumstances:

  1. to provide legal advice and services to you or to the organisation by which you are employed or engaged, either at your or your organisation’s request or in order to fulfil an existing contract;
  2. where we need do so in order to comply with a legal or regulatory obligation; or
  3. where it is necessary to do so for our legitimate interests pursued by us or a third party and your interests and fundamental rights do not override those interests. “Legitimate Interest” means our interest in conducting and managing our business to enable us to give the individual or the individual’s organisation the best service or product and a secure experience, and the interest of our business generally. We ensure that we consider and balance any potential impact on the individual and his or her rights before we process personal data for our legitimate interests. We do not use personal data for activities where our interests are overridden by the impact on the individual (unless we have the individual’s consent or are otherwise required or permitted to do so by law).

TYPES OF PERSONAL DATA WE COLLECT

“Personal data” means any information which identifies (or from which we can identify) a natural person, as opposed to a company or other organisation. We may collect, use, store and transfer the following different kinds of personal data about individuals:

  • “Identity Data”, which comprises an individual’s first name, last name and title
  • “Contact Data”, which comprises an individual’s address, email address and telephone number(s)
  • “Financial Data”, which comprises an individual’s bank account or payment card details and information regarding the individual’s creditworthiness
  • “Transaction Data”, which comprises details about payments made by an individual to us or by us to an individual (if the individual is a sole trader) or the organisation by which the individual is employed or engaged, and details of services that the individual or organisation has purchased from us.
  • “Technical Data”, which comprises an individual’s IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the device(s) used to access our website.
  • “Usage Data”, which comprises information about how an individual uses our website, advice or services.
  • “Marketing and Communications Data”, which comprises an individual’s preferences in receiving marketing from us or third parties on our behalf, and the individual’s communication preferences.

Aggregated Data

We may also collect, use and share “Aggregated Data”, such as statistical or demographic data. Aggregated Data may be derived from an individual’s personal data but does not constitute “personal data” in law as it does not directly or indirectly reveal an individual’s identity. For example, we may aggregate (i.e. combine with information relating to others) Usage Data to calculate the percentage of users accessing a specific feature of our website. However, if we combine or connect Aggregated Data with personal data so that it can directly or indirectly identify an individual, we treat the combined data as personal data and use it strictly in accordance with this Privacy Policy.

Special Categories of Personal Data

“Special Categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual, data concerning an individual’s health or data concerning an individual’s sex life or sexual orientation.

The processing of Special Categories of personal data is prohibited except in certain limited circumstances. We shall only collect and use Special Categories of personal data where such circumstances apply.

Minimum Required Information

Where we need to collect personal data by law or in order to provide legal advice or services that we have agreed to provide to an individual or the individual’s organisation and the individual fails to provide the minimum required data when requested, we may not be able to provide that advice or those services and may as a consequence have to cancel our agreement to provide the advice or services in question.  In that event we shall notify the individual or the organisation accordingly. For example, we may ask for documentary confirmation of an individual’s identity and address in order to complete our identity and money-laundering checks before we are able to provide the legal advice or services in question.

HOW AND WHEN DO WE COLLECT INFORMATION?

We may collect personal data on an individual in the following ways:

  • Where the individual voluntarily provides it to us

When an individual instructs us to perform legal advice or services, agrees to receive communications from us, sends us an email, requests a fee proposal or other information about us or the services that we provide, fills in forms on our website, completes one of our client surveys or provides us with information about themselves when attending a seminar or other marketing event or communicates with us in any way, that individual is voluntarily giving us information that we collect. We also collect information given to us in the following circumstances:

when we contact an individual for the purpose of providing legal advice or services, providing a fee proposal or other information or managing our professional relationship                                with the individual or the individual’s organisation; or

when we make contact with an individual or organisation (or vice versa) for the purposes of sourcing, and arranging and entering into agreements for the supply to us of,                                      goods or services of any, and of managing our business relationship with individuals or organisations concerning the supply of those goods or services.

Information collected in any of the above ways may include an individual’s Identity Data, Contact Data, Financial Data, Transaction Data and Marketing and Communications Data.

  • When we collect information automatically

When an individual browses our website, we may collect information about that visit and the individual’s browsing. That information may include the individual’s Technical Data and Usage Data. We may collect this information as a part of log files as well as through the use of cookies or other similar technologies. Our use of cookies and similar technologies is explained more fully in our Cookie Policy.  

  • Telephone conversations

We record all telephone calls received or made by us. This is done for security purposes, in particular in order to ensure the security and safety of our staff and partners, and also for the purpose of keeping a record of the call for file and matter management purposes. Through these calls we may collect primarily Identity Data, Contact Data, Transaction Data or Marketing and Communications Data.

  • Information from other sources

From time to time we may obtain information about an individual from third party sources, such as public databases (for example, Companies House). We take steps to ensure that  such third parties are legally permitted or required to disclose such information to us. Examples of the information that we may receive from other sources include: demographic information, device information (such as IP addresses), location, and online behavioural data (such as, page view information and search results and links) from analytics providers and search engine providers (for example, Google based outside the EU). We use this information, alone or in combination with other information (including personal data) that we collect, to enhance our ability to provide relevant marketing and content to the individual and to develop and provide the individual or the organisation with other relevant advice and services.

HOW WE USE PERSONAL DATA

We have set out below a description of all the ways in which we intend to use any personal data, and the legal bases on which we intend to rely on in order to do so. We have also identified what our Legitimate Interests are where appropriate. Further information about how we assess our Legitimate Interests against any potential impact on individuals in relation to specific activities can be obtained by contacting us. We may use and disclose personal data for the following purposes:

a) Provision of advice and services and client management

In establishing an individual or organisation as a client (including but not limited to the conduct of identity verification and anti-money laundering procedures) providing legal advice and services, accounting to a client for the advice or services rendered and collecting payment of fees, disbursements and other monies we may use an individual’s Identity Data, Contact Data, Financial Data, Transaction Data and Marketing and Communications Data.

b) To manage our relationship with clients

We may send to an individual updates about the advice and services that we provide, including details of new services and updates on developments in the law.  If we have previously provided advice or services to an individual or an individual’s organisation we may ask the individual to provide feedback about the quality of the advice or services provided and the client’s overall experience of dealing with us. We may also collect and review historical information about advice or services, fee proposals or enquiries that we have previously provided to or received from an individual or organisation. This is necessary in order to keep clients updated about any advice or services that we provide, to develop and enhance the range and quality of the advice and services that we provide and generally to grow our business. We also keep records of conversations that we have had in the past in order to maintain and develop our relationship with an individual or organisation. We will never store Special Categories of personal data about an individual for this purpose without the individual’s explicit consent

c) Marketing

If it is in our Legitimate Interests to do so or we currently provide a individual or organisation with advice or services and the individual or organisation has not previously asked us not to do so, we may send, or permit selected third parties to send, to an individual (either for the individual’s own account or as the representative of the organisation, as the case may be)  other forms of marketing, for example regarding other advice and services that we provide . We shall make sure it is clear when we require permission to do this: for example, we have an online form and boxes that the individual must tick in order to consent to receiving such marketing materials. An individual has the right to withdraw consent to receiving direct marketing at any time by contacting us.

d) Advertising

We may use the information that we collect in order to deliver relevant website content and advertisements to individuals or organisations, and to measure or understand the effectiveness of the advertising we provide. We may also use data analytics to improve our website, advice and services, marketing, customer relationships and experiences. This is in order for us to be able to study how clients use our advice or services and develop them, to grow our business and to inform our marketing strategy. For more information on how we use cookies or other similar technologies for these purposes, as well as how to opt-out of the use of cookies, please visit our Cookie Policy here.

e) To administer and protect our business and this website

We may also use personal data in order to protect our business and our website and to help us monitor or improve the advice or services that we offer. This includes troubleshooting, statistical and data analysis, testing, system maintenance, support, reporting and hosting of data. We also use personal data to improve our website so that content is presented in the most effective manner for individuals and their computers, and as part of our efforts to keep our site safe and secure. This is necessary for the running of our business, provision of administration and IT services, network security and prevention of fraud. We may also need to use personal data in the context of a business reorganisation or restructuring exercise.

f) Other purposes

We shall only ever use personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another lawful reason and that reason is compatible with the original purpose. If an individual requires an explanation of why we are using personal data or the legal basis on which we are using it, a request may be made by contacting us by email at compliance@spearingwaite.com or by telephoning 0116 242 4225. Should we ever need to use personal data for an unrelated purpose, we shall notify the individual and shall explain the legal basis which allows us to do so. Please note that we may process personal data without the individual’s knowledge or consent where this is required or permitted by law.

WHEN MAY WE SHARE PERSONAL DATA?

We require all third parties to respect the security of Personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal data for their own purposes and only permit them to process it for specified purposes and in accordance with our instructions. We shall not share personal data with any third parties for marketing purposes without the individual’s express consent. We may, however, share personal data with third parties in the following circumstances:

(a) Service Providers

We may share personal data with service providers where this is necessary in order to provide an individual or an individual’s organisation with advice or services that the individual (whether in his or her own name or on behalf of the individual’s organisation) has instructed us to provide. Examples of Service Providers include barristers, expert witnesses, other professional advisers or hosting services. We may also need to share personal data with third party software or IT support providers for the purpose of system administration, data security, data storage, back up, disaster recovery and IT support.

(b) Advertising partners

We and our third party partners may use cookies and other tracking technologies, such as pixels and web beacons, to gather information about an individual’s activities on our website and other sites in order to provide individuals and their organisations with targeted advertising based on the individual’s browsing activities and interests. For more information about cookies and other tracking technologies, please visit our Cookie Policy.

(c) To transfer information in the case of a sale, merger, consolidation, liquidation, reorganisation, or acquisition

We may share personal data with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use personal data in the same way as set out in this Privacy Policy.

(d) To protect the rights, property, or safety of our business and other customers

We reserve the right to disclose or share personal data in order to comply with any legal or regulatory requirements, enforce our terms and conditions or the terms of our engagement generally, or to protect the rights, property, or safety of our business and other customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. We may also need to share information with HM Revenue & Customs, the Solicitors’ Regulation Authority, other regulators and other authorities acting as processors based in the United Kingdom, who require reporting of processing activities in certain circumstances. We may also share personal data with our professional advisers including bankers, auditors, accountants and insurers based who provide legal, financial and banking, audit, insurance, accounting and consultancy services.

Third Party Websites

This website may include links to external third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about individuals. We do not control these third-party websites and are not responsible for their privacy statements. Individuals leaving our website are strongly advised to read the privacy notice of any website subsequently visited.

International Transfers

Some of our service providers may be based outside the European Economic Area (“EEA”). Accordingly, their processing of personal data of which we are the data controller will involve a transfer of data outside the EEA. Whenever we transfer personal data outside the EEA, we ensure that an adequate degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:

  • We will only transfer personal data to countries which the European Commission has decided provide an adequate level of protection for personal data.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection that it receives in the EEA.
  • Where we use service providers based in the US, we may transfer personal data to them if they are part of the Privacy Shield Network, which requires the provision of a level of protection acceptable to the European Commission of personal data shared between the Europe and the US.

WHERE WILL WE STORE PERSONAL DATA?

All personal data collected by us is stored either on our secure servers or on our behalf by an outsourced service provider. We use our best endeavours to ensure that personal data is treated securely and in accordance with this Privacy Policy and comply with the relevant data protection legislation within the United Kingdom. This includes examining the security procedures of our service providers.

We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify all individuals affected and any applicable regulator of a breach where we are legally required to do so.

Please note that the transmission of information via the internet is not completely secure. Although we shall do our best to preserve the security of personal data, we cannot guarantee the security of data transmitted to our site; any transmission is at the individual’s own risk. Once we have received an individual’s personal data, we shall use effective safeguarding procedures and security features to try to prevent any unauthorised access to it.

HOW LONG WILL WE RETAIN PERSONAL DATA?

We shall only retain personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process or may foreseeably need to process it and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of our retention periods for different kinds of personal data are available by emailing us at compliance@spearingwaite.com or by telephoning 0116 262 4225.

In some circumstances we may anonymise personal data (so that it can no longer be associated with the individual) for research or statistical purposes in which case we may use this information indefinitely without further notice to the individual.

Where an individual has given consent to be contacted for marketing purposes, we shall contact the individual every five years from the date on which the consent was originally given in order to  ensure that the individual still wishes to be contacted in this way.

In some circumstances an individual may can ask us to delete his or her personal data: see the “Right to be Forgotten” section below for further information.

SUBJECT RIGHTS

Under certain circumstances, an individual has the following rights:

  1. to request that we provide the individual with a copy of the personal data that we hold about him or her (“Access Request”);
  2. to request that we rectify any personal data that we hold about an individual (“Right to Rectification”);
  3. to request that we erase any personal data that we hold about an individual (“Right to be Forgotten”);
  4. to restrict the level of processing we carry out with an individual’s personal data (“Restriction of Processing”);
  5. to obtain from us all personal data that we hold about an individual in a structured, machine readable form, and have this information transmitted to another organisation (“Data Portability”);
  6. to object to our processing personal data in certain ways (“Right to Object”); and
  7. to withdraw consent at any time to our processing of his or her personal data.

Please see the relevant sections below for further details on an individual’s rights as a data subject.

Any of these rights may be exercised by emailing us at compliance@spearingwaite.com or by telephoning 0116 262 4225. An individual also has the right to lodge a complaint with the Information Commissioner’s Office if unhappy in any way with how we have treated his or her personal information. We would, however, appreciate the opportunity to deal with an individual’s concerns before a complaint is made to the Information Commissioner’s Office, and would therefore ask individuals please to contact us in the first instance.

We shall comply with any request made under this section as soon as possible, and normally within one month from the date on which the request is received. However, if necessary, for example if the request is particularly complex or we receive a number of similar requests, we may extend this period by an additional two months, but we shall notify the individuals who have made  if we need to do this.

Individuals will not usually have to pay a fee to access personal data (or to exercise any of their other rights). However, please note that where we receive requests under this section which are manifestly unfounded or excessive, for example because they are repetitive in nature, we may:

  1. charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
  2. refuse to act on the request.

We may need to request specific information from an individual to help us confirm an individual’s identity and verify his or her right to access their personal data (or to exercise any other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact an individual to ask for further information in relation to the individual’s request in order to speed up our response.

(a) Access Request

An individual has the right to request a copy of the information that we hold about him or her at any time. This enables the individual to receive a copy of the personal data that we hold and to check that we are lawfully processing it. Please note that in most circumstances, we shall not make a charge for this. However, we may charge a reasonable fee based on administrative costs for any further copies requested.

(b) Right to Rectification

 An individual has the right at any time to ask us to rectify any personal data that we hold about him or her and which is incorrect or incomplete. This enables the individual to have corrected any incomplete or inaccurate data that we hold, though we may need to verify the accuracy of the any new data that the individual provides to us.

If we have disclosed any incorrect or incomplete data to any third parties, we shall inform them of any necessary amendments or corrections made to the personal data of the individual concerned.

(c) Right to be Forgotten

 An individual has the right at any time to ask us to erase the personal data that we hold about him or her if:

  1. it is no longer necessary for us to handle that personal data for the purpose for which it was originally collected;
  2. the individual has withdrawn consent for us to hold that personal data (where consent was the basis on which it was collected or used);
  3. the individual objects to the processing of the data and there is no lawful overriding reason for us to continue processing it;
  4. the personal data was unlawfully processed; or
  5. we have to erase the personal data in order to comply with a legal obligation.

Please note, however, that we may not always be able to comply with a request of erasure for specific legal reasons: in that event we shall inform the individual of those reasons at the time when erasure is requested.

(d) Restriction of Processing

An individual may ask us to restrict how we use his or her data in the following circumstances:

  1. where the individual believes that the personal data we hold about him or her is inaccurate, he or she may ask that we refrain from using that data until we can verify the accuracy of it;
  2. where we have unlawfully processed personal data, the individual may ask that we restrict our usage of it rather than erase it completely; or
  3. where the individual has objected to our use of his or her personal data but we need to verify whether we have overriding legitimate grounds to use it.

Where we no longer need to hold personal data, the individual may nevertheless require us to retain it for the purpose of establishing, exercising or defending a legal claim; or

(d) Data Portability

An individual has the right to obtain from us all personal data which he or she previously provided to us in a structured, commonly used and machine readable form, provided that such data was processed based on the individual’s consent, or for the purpose of a contract between us, and the processing was carried out by automated means. This right only applies to automated information for which the individual originally provided consent for us to use or where we used the information to perform a contract with the individual personally.

This will allow an individual to move, copy or transfer personal data easily from one IT environment to another (for example, if the individual wishes to change legal advisers). Alternatively, we can transmit such data directly to another organisation.

Please note that we shall not be able to comply with a data portability request if this will affect the rights and freedoms of others.

(f) Right to Object

An individual has the right to object, on grounds relating to his or her particular situation, to our processing of his or her personal data where we are doing this for the performance of a task carried out in the public interest (about which we shall have advised the individual, if applicable), or where we are carrying out processing for the purposes of legitimate interests pursued by us.

An individual also has the right at any time to ask us not to process his or her personal data for direct marketing or profiling purposes (to the extent that such profiling is related to such direct marketing). We shall have informed the individual prior to obtaining his or her personal data whether we intend to process that personal data for this purpose, or if we intend to disclose it to any third party for such purposes.

If we process personal data for automatic decision making or profiling purposes (i.e. to analyse or predict an individual’s personal preferences or transaction history, and such profiling is automated) we shall inform the individual in advance, and will only do this where this is a necessary condition of entering into a contract between the individual and us, or where the individual has given us explicit consent to do so.

(g) Right to Withdraw Consent

 Where an individual has given consent to the processing by us of any personal data, he or she has the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before consent is withdrawn. If an individual withdraws consent, we may no longer be able to provide legal advice or services to the individual or to the individual’s organisation. We shall advise the individual (and, if applicable, may inform other individuals in the same organisation) if this is the case at the time when consent is withdrawn.

In addition to any other way in which we make available to individuals the ability to withdraw consent to the processing of personal data, an individual may also withdraw consent at any time by contacting us at compliance@spearingwaite.com or by telephoning 0116 262 4225.

Get in touch

We’re situated in the heart of Leicester’s commercial quarter, just minutes from the city centre. Get in touch with any queries you have, or alternatively, call us on 0116 262 4225.

Get in touch