At Lewis Townsend LLP, protecting the data and privacy of our clients and other individuals we work with is our priority.
3. Cookies and website visitors
4. Recipients of personal data
5. How long we store personal data for
6. How we keep personal data safe
7. International transfers
8. Your rights as a data subject
9. Updates to this policy
We are Lewis Townsend LLP (we, us or our), a limited liability partnership with registered number OC400109, having our registered office and main place of business at Lewis Townsend LLP, 1 Fore Street, London, England, EC2Y 5EJ. You can contact us by writing to us at our office address, telephoning us on 020 7993 2161 or emailing firstname.lastname@example.org
We are regulated as a controller under Data Protection Laws in relation to the personal data (meaning information which relates to an identified or identifiable individual) we collect and process in connection with our business. This means that we are responsible for deciding how and why we use personal data, and for keeping it safe. We are registered as a data controller with the Information Commissioner’s Office (ICO) with registration number ZA190067.
We collect and process personal data relating to our clients and matters we advise on. This will include other individuals involved, such as representatives or employees and officers of corporate clients, other parties and professional advisers. This information is typically:
The categories of personal data we collect will vary, depending on the matter in question, but may include some or all of the following:
We may process other types of personal information, including sensitive personal data (for example, if we advise an employer on an unfair dismissal claim), though this will depend on the nature of the matter in question. If we do, then it will be protected to the same high standards explained in this policy.
We use personal data because we need to for one or more of the following reasons:
If you do not provide the personal data which we need in order to enter into or to perform a contract with you, then we may not be able to contract with you or to provide the legal services which you have requested.
In limited circumstances, we may use personal data on the basis of your consent. If so, we will always clearly ask for your agreement to this. You are, of course, free to refuse this and we will inform you as to what (if any) consequences this might have.
We process personal data about individual business and professional contacts. These people include individual (or representatives from corporate) intermediaries, service providers, other lawyers, organisations that have attended our events, and potential clients.
The types of personal data we hold about these individuals typically consists of basic personal details and contact information, such as position title, name, email, address, telephone and the person’s employer. Depending on the circumstances, and the nature of our relationship with the people involved, we may use this information to:
We use this personal data because it is in our legitimate interests to promote our services and build business relationships.
If you receive news or marketing communications from us, it is because we think you might be interested in our firm or its services (usually on the basis of previous dealings with you or a recommendation from a third party).
You can unsubscribe from marketing at any time by clicking the “unsubscribe” link on any of our emails, or by emailing email@example.com with the subject line “unsubscribe.”
We collect, store and use personal data about individuals who apply to join us.
This may include information:
The information we collect might include sensitive personal data, such as information about your health and sickness records.
If you apply for a position with us, we may carry out a check for criminal convictions in order to satisfy ourselves that there is nothing in your history which makes you unsuitable for the role. We do this because working with us involves a high degree of trust (as you may be dealing with client monies and will have access to confidential information). We are also legally required by the Solicitors Regulation Authority to carry out criminal record checks for certain roles within our firm.
We only carry out criminal records checks and ask for references at the last stage of the application process, when making an offer of employment, and always act in accordance with the specific requirements of Data Protection Laws and other applicable national laws.
We use the personal data we collect about you to:
We do all of this because either it is a necessary part of entering into a contract of employment with you or because we have a legitimate interest in ensuring that you are suitable for a particular role.
If you fail to provide personal data when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application successfully.
If we need to process sensitive personal data about a job applicant, for example disability information in order to consider whether we need to provide appropriate adjustments during the recruitment process, we will ask for explicit consent to do this at the time at which we request the data or ensure that we satisfy another condition under Data Protection Laws for lawfully processing such data.
We normally retain personal data about unsuccessful candidates for no more than 6 months from the time we inform them of our hiring decision. We retain personal data for this period so that we can demonstrate, in the event of a legal claim, we have not discriminated against an applicant and that the recruitment process was fair and transparent. After this period, we will securely destroy this applicant’s personal data. If we wish to retain personal data on file, in case future opportunities arise, we will contact the applicant and ask for his or her consent to do so.
If you are successful, the personal data you provided in the application process will be stored as part of your personnel file.
Any CCTV used in our London office is operated by the building landlord, not by us, and so we are not the controller.
We do not normally collect personal data about visitors to our website unless they choose to provide such information (such as by filling in a website form).
We collect anonymous information about visitors to our website in order to optimise and improve the website. This might include IP addresses, browser or device details and the connection type (for example, the Internet service provider used). However, none of this information will by itself directly identify any particular user.
Web browsers place cookies on hard drives for record-keeping purposes and sometimes to track information (such as repeat visits). Our website uses Google Analytics cookies to enable us to measure how users interact with our website. Further information on the cookies and how they work can be found here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.
You can prevent these cookies by installing the Google Analytics opt-out browser extension by visiting https://support.google.com/analytics/answer/181881?hl=en or by adjusting your browser settings.
Personal data you provide to us will be kept private and confidential, and we will only disclose or share it with other data controllers where this is required:
We also share personal data with some of the third parties who provide services to our firm. This includes software providers (such as Microsoft), cloud service providers and IT support services. However, these third parties will only process personal data (which may include your information) on our behalf for specified purposes and in accordance with our strict instructions.
We only use third party service providers who have provided sufficient guarantees, as required by Data Protection Laws, that your personal data will be kept safe. We always ensure there is a written contract in place which protects your personal data and prevents it from being used for any purpose other than providing services to our firm, in accordance with Data Protection Laws.
We only retain personal data for as long as is necessary for the specific purposes it was collected for (or for related compatible purposes such as complying with applicable legal, accounting, or record-keeping requirements). For example, the Solicitors Account Rules require us to retain records of transactions involving client monies for a period of at least 6 years.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In the event we process personal data in connection with a client matter, we will normally process that personal data for the duration of the matter. Once we are satisfied that the matter is complete, we will close the file and delete or destroy personal data which is no longer required (such as hard copies of documents which have been digitally archived). Any personal data we retain will be stored securely and only accessed if necessary in order for us to establish, exercise or defend against a legal claim or if another overriding legitimate ground arises (such as having to disclose information as part of an audit by our regulator).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, damaged or destroyed, altered or disclosed. This includes both physical security measures (such as keeping paper files in secure, access-controlled premises) and electronic security technology (such as digital back-ups and sophisticated anti-virus protection).
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to legal and contractual confidentiality obligations.
We have put in place reporting procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach when we are legally required to do so.
We normally only store personal data within the European Economic Area (EEA). However, some of the technology and support services we use are provided by international organisations and/or companies which are based outside the EEA. Before using such service providers, we take steps to make sure that any personal data they process is adequately protected and transferred in accordance with Data Protection Laws, usually by one or more of the following methods:
If you would like more detailed information on the measures and safeguards which we implement for such data transfers, then please contact us using the details set out in section 1 above.
Data Protection Laws provide you with certain rights in relation to your personal data. These are as follows:
We try to respond to all personal data requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. Please also bear in mind that there are exceptions to the rights above and some situations where they do not apply.
We may need to request additional information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you to clarify your request.
You will not normally have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you want to exercise any of the rights described above, please email firstname.lastname@example.org or write to Data Protection Requests, Lewis Townsend LLP, 1 Fore Street, London, England, EC2Y 5EJ.
You have the right to complain to a data protection supervisory authority (which, in the UK, is the ICO) if you are not satisfied with our response to a data protection request or if you think your personal data has been mishandled. For further information on how to make a complaint, please visit https://ico.org.uk.
We will update this policy from time to time. The current version will always be posted on our website. This policy was last updated on 6 September 2018.
DATA REGULATORY UPDATE UK COURT OF APPEAL CONFIRMS EMPLOYERS CAN, EVEN IF NOT AT FAULT, BE HELD LIABLE FOR DATA BREACHES CAUSED BY A ROGUE EMPLOYEE On 22 October 2018, the UK Court of Appeal ruled, in WM Morrison Supermarkets PLC v Various Claimants  EWCA Civ 2339, that employers can be sued for data […]
On 17 July 2018, the EU and Japan concluded their discussions on personal data transfers and recognised that the data protection regimes between the two are equivalent, which means that personal data will be able to flow freely between them once each side has completed the necessary procedures to adopt an adequacy decision. The agreement is […]
GDPR is finally here. However, this is just the beginning. Most businesses aren’t ready for the changes and, even for those that are, the real test will be whether the policies, procedures and contracts they’ve put into place recently can be implemented and kept going in the long term. For practical advice on what the […]
We’re really pleased to share that we have been shortlisted for two Awards as part of the annual Modern Law Awards hosted by Modern Law Magazine. Most importantly these shortlists are for the categories of Property Team of the Year & Client Care Initiative. Client care has been a vital part of our business since […]
This month we are delighted to welcome Nick Mathys as a new Partner at Lewis Townsend. Nick is a fluent Japanese speaking commercial, technology and data protection lawyer who brings with him a wealth of experience in both UK and Japanese markets, including many years with Herbert Smith Freehill’s Tokyo office where he worked closely […]
We’re delighted to share the news that we are now joined by Tarron Dobson, the latest member of the team here at Lewis Townsend. Tarron has recently completed her Legal Practice Course at BPP University and joins us to start her legal career as a paralegal. After years of study, Tarron is keen to put her knowledge […]
‘How long will the buying process take?’ When it comes to buying a new home, this is everyones favourite question. And who wouldn’t want to move into their new home as soon as they have found it, however there are a number of things that impact on the timescales of your completion so the more […]