Mitchell Wilde LLP (Company No. OC311296) (“We”) are committed to protecting and respecting your privacy.
For the purpose of GDPR and the Data Protection Act 2018 (the Act), the data controller is Mitchell Wilde LLP of 72 Wollaton Road, Beeston, Nottingham, NG9 2NZ.
Mitchell Wilde LLP is registered as a data controller with the Information Commissioner’s Office (ICO) with number Z9159891.
This policy explains how we handle the personal data which we collect, including personal data which is provided to us via our website at www.mitchellwilde.com, during telephone calls, as a result of face to face contact such as meetings and events and in other correspondence.
• The categories of personal data we hold.
• Our uses of personal data.
• The legal basis we rely on for processing that personal data in accordance with GDPR.
• The criteria we use to determine how long to retain personal data.
• Your rights in relation to personal data.
We may change this policy from time to time by updating this page and for Client Data, by updating our terms of business.
The personal data we hold
Personal data is data which identifies an individual. Mitchell Wilde LLP collect and use different types of personal data. The types of data we collect can be categorised as follows:
Client Data – including personal data in connection with and as a result of providing legal advice (aside from Contact Data). This personal data varies according to the matter in question and in particular, depends on whether we represent a business or are an individual client. For example, we typically hold data about key contacts and other employees within our business clients, including information about their involvement in a matter or transaction.
Where we act for individuals we will hold varying data depending on the matter for which we have been instructed. For example, if it is an employment matter we may hold details about salary, employment history including performance and disciplinary matters, bank account details, tax reference and National Insurance number. In some cases, client data may also include special category data, such as information about health, sexual orientation and ethnic origin where relevant to the matter in question.
Contact Data – including names, job titles, addresses, email addresses and telephone numbers.
Marketing Data – including marketing and communication preferences and data used for networking and business development such as role in a company.
Minor’s Data – it is very rare but we may hold data about minors where relevant to the provision of legal advice. This might include name and date of birth and other information if relevant to the matter in question. We will only collect Minor’s Data in connection with a specific matter.
Third-Party Data – including data about people other than clients used in connection with our services. This usually includes Contact Data about other professionals and counterparties to a transaction. It may also include data about third party source of funds and those with a beneficial interest in a particular legal entity.
How we use personal data
The following explains the purposes for which we use personal data, what categories of personal data apply to those uses and the legal basis we rely on to use the personal data in accordance with the GDPR.
Purpose 1: Providing legal advice and related activity
Data type: Our primary function is the provision of legal advice. We use Client Data, Contact Data, Third-Party Data, and very rarely Minor’s Data for this purpose and related tasks such as dealing with enquiries, invoicing, payment, and administering our complaints procedure.
We may on occasion need to disclose personal data to for example, other professionals involved in the matter such as bankers, accountants, agents, experts, Counsel, the Courts and the advisors of counterparties. Occasionally, Contact Data and Client Data may also need to be disclosed to insurers.
Legal basis: If our client is a business client we use this data on the basis that it is in our legitimate interest to do so in order to perform our primary function of providing legal advice and as it is necessary for the performance of the contract with our client.
If our client is an individual we use data in this way on the basis that it is necessary for the performance of the contract with our client and as it is necessary for the performance of the contract with our client.
Where we use special category data we will either only do so in the context of a particular legal issue, with the consent of the relevant person (or in the case of Minor Data, the parent or guardian) or otherwise, because this is necessary for providing legal advice and so performance of the contract with our client, i.e. assisting our clients in establishing, exercising or defending legal claims.
In some cases, we may be required to use personal data to comply with a legal obligation on your behalf. As an example this could include disclosing your data to HMRC as part of submitting a SDLT return on your behalf, registering a property purchase at HM Land Registry or registering a shareholding or appointment at Companies House.
Purpose 2: Regulatory compliance including money laundering avoidance checks
Data type: Mitchell Wilde LLP is regulated by the Solicitors Regulation Authority (SRA) and is required to comply with the rules specified by that body as well as rules relating to the avoidance of money laundering and other financial crime. We use Contact Data, some Third-Party Data and Client Data such as date of birth, passport and driving licence details to comply with those rules. Some of this is obtained from third party sources including information which is a matter of public record. We may also need to disclose information to our auditors which from time to time, may include Client Data and Contact Data.
Legal basis: This is necessary to ensure that we comply with the legal obligations which we are subject to in particular those we adhere to as a regulated body including regulations in relation to the proceeds of crime and money laundering avoidance, and the SRA Handbook.
Purpose 3: Managing non-client relationships
Data type: We use Third Party Data about suppliers, intermediaries and other professionals including investors, bankers, estate agents, patent and trade mark attorneys, legal and other professional advisors of counterparties, land agents, law cost draftsmen, legal Counsel and Counsel’s clerks, expert witnesses, mediators, costs consultants, surveyors and accountants. This usually only includes Contact Data in relation to those persons.
Legal basis: It is in our legitimate interests to use data for this purpose either in retaining services directly (such as with Counsel) or otherwise because it is for the benefit of our clients in connection with a matter. Using this data assists a proper working relationship with third party professionals. We may also use some of this data for business development purposes.
Purpose 4: Operating our website
Data type: We process Contact Data and Technical Data to operate our website. This includes collecting data to deal with its functions such as handling submitted enquiries. This data also helps us to monitor how our website operates and to improve our website.
Legal basis: The use of data for this purpose is in our legitimate interests in managing and improving our website and its content which is an important tool for the development and operation of our business.
Purpose 5: Recruitment and work placements
Data types: People may contact us to apply for a position with us or who wish to gain work experience. This will involve us using Contact Data and other information about experience and employment history to consider an application. Although it is not required, people may provide us with special category data for this purpose for example, health information in order to facilitate an interview.
Lawful basis: We use this type of personal data where we have your consent to do so i.e. we will rely on the fact that you send this information to us as your agreement to us using it for this purpose.
Purpose 6: Marketing and business development
Data type: We may send to you, marketing communications such as information about our services, upcoming events and legal updates including by way of email. This use includes Contact Data and Marketing Data whether relating to our clients, professional advisors or other contacts.
Legal basis: It is in our legitimate interests to use data in this way in order to develop our business, procure new work and increase our profile. We include people in our marketing database where we have the appropriate consents to do so in accordance with the rules relating to marketing communications for example where we send out electronic marketing communications. We provide further information about this when data is collected such as on event feedback forms and on our online marketing form.
You can ask us to stop sending marketing messages at any time by following the unsubscribe links or by contacting us at any time at email@example.com .
Sources of personal data
Change of purpose
We will only use personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason. We may process personal data without your knowledge or consent, in compliance with the rules where required or as permitted by law.
If you do not provide personal data
Please note that if you do not provide the personal data we ask for, it may result in a delay in performance of, or may otherwise restrict our ability to perform, our services.
We do not transfer data outside the EU.
As a law firm, data security is key and therefore, the security standards we apply to the information we handle (including personal data), are high. We take appropriate precautions and security measures to prevent personal data from being accidentally lost or used, accessed or disclosed in an unauthorised way. These measures include the use of technology but also include other organisational precautions. We also limit access to personal data to those employees, agents, contractors and other persons who need it. We require persons only to use data in accordance with our instructions and to do so confidentially.
Our IT service providers have secure access to data although that access is strictly limited to where required for the provision of relevant services such as support and therefore, is occasional. We have contracts in place with those providers detailing confidentiality and security obligations.
We retain personal data for as long as needed to fulfill the purposes we collected it for, including to satisfy legal, accounting and reporting requirements. To determine retention periods, we consider the type of data and why we need it.
Most personal data we hold is used in connection with the provision of legal advice and related tasks such as complying with our obligations in relation to money laundering avoidance checks, we take account of the nature of the matter in question and how long it is appropriate to retain data for. By way of example, it would be appropriate for us to retain personal data in connection with a property matter for a longer period of time than in connection with some other types of legal matter such as a commercial contract. We also take account where relevant, of any practice notes as may be issued by the Law Society from time to time and information published by the SRA (including the SRA Handbook) given the regulated nature of our profession, as well as relevant statutory and other legal requirements and considerations.
In so far as the personal data pertaining to job applications is concerned, we typically retain that information for a period of 12 months from the date on which we receive the application, or for those invited for interview, for a period of 12 months from the date on which a decision is communicated.
We review the personal data held in our marketing database so as to take account of any marketing preferences we may receive such that anyone from whom we receive an unsubscribe request, will be removed from that database. We also undertake a general review of the database approximately once annually as a way of ensuring that the personal data included in it, remains up to date.
The following summarises the rights of data subjects in the GDPR. Individuals may (depending on circumstances):
• Request access to personal data (a subject access request). You can receive a copy of the personal data we hold about you and ensure and check that we are processing it lawfully.
• Request correction which means you can have incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of new data you provide.
• Request erasure of your personal data. You may request the removal of personal data if there is no good reason for us continuing to hold it including if you successfully exercise a right to object to processing, if we have processed data unlawfully or where we are legally required to erase personal data. We may not comply where there are legal reasons for this.
• Object to processing of personal data where we rely on legitimate interest bases and if the processing impacts your fundamental rights and freedoms. You can also object to direct marketing. We may have grounds to process personal data which override your rights and freedoms.
• Request restriction of processing (usually temporarily) where; we are establishing data accuracy; if data use is not lawful in accordance with GDPR but you do not want us to erase it altogether; if you have objected to use of personal data but we need to verify whether we have overriding legitimate grounds to use it; or if we no longer need the data but you need us to keep it to establish, exercise or defend legal claims.
• Request a data transfer. We will provide your data to you or your chosen third party, in a structured, commonly used, machine-readable form. This only applies to automated information which you provided consent for us to use or if necessary to perform a contract with you.
• Withdraw consent at any time where we rely on consent to process your personal data. This will not affect the lawfulness of processing carried out before you withdraw your consent.
Note that there may be exceptions to certain rights in particular, taking account of the nature of our work. For example, litigation privilege and legal advice privilege may mean that certain data cannot be disclosed in response to a request.
Exercising your rights
Please contact us if you would like to exercise any of your rights of if you have any questions about this statement.
Address: 72 Wollaton Road, Beeston, Nottingham, NG9 2NZ
Tel: 0115 8371 430
You may complain to the ICO which is the UK supervisory authority for data protection issues (www.ico.org.uk) though to allow us to assist, we would ask that you contact us in the first instance.
No fee is payable to access your personal data (or to exercise any other right). However, we may charge a reasonable fee or refuse to deal with a request if it is unfounded or excessive.
We may need information to clarify a request or help us confirm your identity and ensure your ability to exercise rights. This is a security measure to ensure personal data is not incorrectly disclosed. We seek to respond to all legitimate requests within one month. Occasionally, it may take longer if your request is complex or requests are numerous.
It is important that the personal data we hold is accurate. Please tell us if your data changes. If you provide data to us about another person, such as a colleague or a business partner, you should ensure that you have their consent if appropriate, or other necessary authority, to pass those details on and for us to use them in accordance with this statement. You should also make sure that you bring this statement to their attention.
Third-party links and cookies
Our website includes links to third-party sites and applications including Twitter and Linkedin. Clicking links or enabling applications may allow third parties to collect or share data about you. You should read policies and other statements on other websites carefully. We also operate cookies on our website and information about that is also provided separately in our Cookies Policy.
Last Updated: 13 December 2018
Are Sole Directors Authorised to act under their Model Articles?
A recent High Court case has cast doubt on whether a sole director can validly make decisions for a company under their Model Articles. ...
Small businesses and the importance of intellectual property management
Small businesses need to protect their IP What makes it so important to be aware of Intellectual Property Abuse? Many factors can affect a ...
How important is the Shareholder’s Agreement for your business?
If you are thinking of starting a business with two or more shareholders then taking into consideration the shareholders agreement is very important. This ...
Coronavirus – Some Legal Considerations
Coronavirus is having profound practical, commercial and legal effects. This is the first in a series of articles about some of the legal considerations ...
GDPR 2 – What constitutes personal data and what are the six principles of personal data processing?
What constitutes personal data and what are the six principles of personal data processing? What is personal data under GDPR? Article 4 (1) of ...
Please call us on: 0115 8371 430