Clients and business associates
Sacker & Partners LLP (“We”) collect and process personal data relating to the individuals representing our clients and prospective clients, as well as business associates such as other professional advisers and industry contacts. We are a “Data Controller” and are required to comply with data protection law when handling your personal data.
What personal data do we hold about you?
Most of this personal data comprises publicly available contact details, such as names, business email and postal addresses and telephone numbers.
In some, very limited circumstances, we may hold sensitive personal data about the individuals representing our clients. For example, information contained in personal identity documents provided to enable us to complete checks required under anti-money laundering legislation.
What do we use this personal data for?
We use our clients’ personal data to provide legal services and support to our clients and for the following related purposes:
- to update and enhance client records and make statutory returns;
- to help us manage our practice and enhance and develop the services we offer;
- to share and develop knowledge and expertise within our organisation;
- to comply with legal and regulatory requirements, professional standards and guidelines; and
- to respond to queries or concerns regarding our services.
We use prospective clients’ personal data to develop relationships with them and to seek out new work and business opportunities.
We use business associates’ personal data to enhance the advice we provide to shared clients and to build and maintain contacts with individuals and organisations within the pensions industry and professional networks.
We will only collect the personal data we need for these purposes.
What is our legal basis for processing your personal data?
We can only process personal data if we have a legal basis for doing so. We process:
- our clients’ personal data as this is necessary for us to be able to perform our contractual obligations under our terms of appointment;
- prospective clients’ personal data as this is necessary for the purposes of our legitimate interests in seeking out new work and business opportunities and, if they decide to appoint us to provide legal services, to take steps at their request prior to entering into a contract with them;
- personal data relating to business associates as this is necessary for the purposes of our legitimate interests in providing a quality service to our mutual clients and in building and maintaining within the pensions industry and professional networks; and
- personal data provided to us for the purposes of our anti-money laundering checks as this is necessary for compliance with a legal obligation.
We may also process personal data where this is necessary for the purposes of our legitimate interests in relation to the establishment, exercise or defence of legal claims or if reasonably necessary in order to recover our fees.
From time to time we may also seek your consent to certain processing of your personal data.
How do we collect this personal data?
Most of the personal data we hold about you will have been collected directly from you or, where applicable, from the organisation you work for or from another professional adviser. However, we may from time to time also obtain personal data from third parties where appropriate (such as HMRC, Companies House or any person who provides a reference for you).
Who has access to your personal data?
We may need to share your personal with other parties who are involved with your matters such as other representatives of the same client, professional advisers and expert witnesses.
From time to time our work may also require us to share your personal data with other third parties or organisations such as the Pensions Regulator, Pensions Ombudsman or other relevant supervisory authorities. In some circumstances, we may also need to share personal data with our insurers.
In providing our services, we use a number of external providers and agencies. For example, we use external cloud-based email and document management systems, and other IT services to ensure a robust IT infrastructure. We also use external providers for secure archiving and confidential waste disposal. We may occasionally ask external agencies to assist us with specific copying or printing tasks (for example, if we need to prepare large court bundles) or to conduct quality checks on our practice.
We will not share your personal data externally for any purposes which are not related to the services we provide without your prior consent, unless we are legally required to do so.
Personal data about others
In order to obtain our services, you may need to provide us with personal data about others, such as current, former or potential employees, scheme members and beneficiaries, as well as such other individuals as may be required. This personal data may, amongst other things, include names, dates of birth, national insurance numbers, telephone numbers, postal and email addresses, salary and pensionable service details, information relating to health, and information relating to sexual orientation.
In most instances, when we receive personal data about others (whether held by you or by a third party, and whether provided directly by you or through a third party), we do so as a data processor. We shall be entitled to assume that it is provided in accordance with all relevant data protection legislation.
On occasion, for example where we are jointly determining the purposes and means of the processing of personal data, we may be acting as a joint controller. Unless we agree otherwise, all data protection compliance obligations will rest with you as the primary data controller. In particular, you are responsible for providing clear information to the data subjects whose personal data is being shared with us.
What is the lawful basis for processing personal data about others?
As explained above, we would expect to be a data processor in respect of almost all of the personal data that clients send to us and that we hold and use. As the client is the data controller, the lawful basis for processing will be the client’s lawful basis and we will only process personal data under the instructions from the client.
In the cases where we hold personal data about others as a data controller, we consider that the processing is necessary for the performance of a contract.
Will personal data be shared outside the European Economic Area (EEA)?
In most circumstances personal data will not be transferred to countries outside the European Economic Area. However, this may occur occasionally if our personnel are accessing the data outside of the EEA on company-issued or company-approved devices that have appropriate and adequate security, where this is in respect of temporary travel outside of the UK.
How do we protect your personal data?
We take the security of your personal data very seriously and have measures in place to protect it and to limit access to it. If we share your personal data externally, we will require the recipient to comply with applicable data protection requirements.
How long will we keep this personal data?
We will keep personal data relating to our clients, their professional advisers and the advice we have given for the duration of our appointment.
At the end of our appointment, you can ask us to take steps to delete or return your personal data. However, we may need to keep it for a longer period if we deem this appropriate. For example, to allow us to respond to any queries about your matters. In deciding how long to retain any personal data we will have regard to all our legal, regulatory and professional obligations including applicable data protection legislation.
We will keep personal data relating to prospective clients and business associates so that we can keep in contact with them unless and until we are specifically requested otherwise.
What rights do you have in relation to your personal data?
You can ask for a copy of the personal data we hold about you and require us to change it if it is incorrect, incomplete or out of date. In some circumstances, you can also object to processing of your personal data or ask us to restrict processing or to delete your personal data. However, we may have legitimate grounds for continuing to process or retain such personal data. If you would like to exercise any of these rights, please email email@example.com
You can get more information about your data protection rights at https://ico.org.uk.
You should be aware that:
- exercising any of these rights could potentially impact our ability to provide advice.
- information will generally be provided to you free of charge, but we may charge a reasonable fee in certain circumstances.
Who can you contact if you have any questions, concerns or complaints about how we handle your personal data?
If you have any questions, concerns or complaints about how we handle your personal data please email firstname.lastname@example.org
You can also make a complaint to the Information Commissioner using their helpline on 0303 123 1113 or through their website https://ico.org.uk.