• Home
  • Privacy policies

Privacy policies

Client data protection policy

Website privacy notice

Client data protection policy

This Client Data Protection policy ("Policy") applies to personal information about you, any of your employees, officers, directors, agents, contractors or consultants or any of your customers, suppliers or any other relevant individual that you engage with in the ordinary course of business ("Client Business Personnel") held by Stephenson Harwood LLP and, to the extent that the Data Protection Legislation applies to the processing of such information, held by other members of the SH Group. See "Contacting us" below for our contact details and the "Offices" link for the contact details of our overseas offices.

In this Policy:

"Data Protection Legislation" means the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection; and where we use the terms "personal data", "data subject", "controller", "processor" and "process" (and its derivatives), such terms shall have the meanings given to them in the Data Protection Legislation.

"SH Group" means Stephenson Harwood LLP, the Stephenson Harwood Piraeus office, the Stephenson Harwood Paris office and other partnerships, corporations and undertakings which are authorised to carry the name "Stephenson Harwood"; and a "member of the SH Group" has a corresponding meaning.

Using your information
We may collect and process information relating to you and your Client Business Personnel in order to provide our services to you. We shall process any information we collect in accordance with Data Protection Legislation and the provisions of this Policy.

Your Information
The information referred to above includes personal data, which means information that can be used to identify a natural person, including (but not limited to) the following types of personal information:

  • contact information, such as an individual’s home or work address and contact details (including mobile telephone number);
  • date of birth, marital/civil partnership status, details of dependants and next of kin;
  • financial information (including bank details, tax rates and information in relation to investments); 
  • employment status; 
  • information about an individual’s professional qualifications;
  • pay records and national insurance number; 
  • other information about an individual that you or they disclose to us when communicating with us; 
  • details of any complaints or concerns raised by you or them;
  • information we obtain from the instructions you give to us;
  • information we collect when you and your Client Business Personnel communicate with us or any other time you or they contact us; and
  • information we obtain from third parties, such as information that we obtain when verifying details supplied by you. This information obtained from other third party organisations may include fraud prevention agencies and information which is collected from publicly available sources such as Companies House.

Some of the information that we collect about you and your Client Business Personnel may include special categories of personal data (such as information about racial or ethnic origin, criminal or alleged criminal offences or health and lifestyle). We will usually seek separate permission from you or them in writing to process these special categories of personal data.

If you fail to provide us with this information, or you or your Client Business Personnel object to us processing such information (see "General Rights") for more information about your rights in relation to your information) the consequences are that we may be prevented from providing our services to you, or continuing to manage your matter(s) with us.

Our use of your information
We may collect, record and use information about you and your Client Business Personnel, and the services we provide to you, in physical and electronic form and will hold, use and otherwise process the data in accordance with the Data Protection Legislation and as set out in this Policy. This may include sharing this information with third parties and transferring it abroad. More information about sharing and transferring such information is set out below.

We may process any information we hold about you and your Client Business Personnel for a number of business purposes. Examples of the types of uses of such information are set out below:

  • to provide our services to you;
  • to administer and operate your client account(s) and matters;
  • to monitor and analyse the conduct of your client account(s) and matters;
  • to assess any billing matters or credit decisions;
  • to enable us to carry out statistical and other analysis and to meet our legal or regulatory obligations;
  • for our reasonable commercial purposes (including in connection with our insurance, quality control and administration and assisting us to develop new and improved services);
  • to confirm your or their identity and carry out background checks, including as part of our checks in relation to anti-money laundering, compliance screening and to prevent fraud and other crimes;
  • to follow up with you or them after you request information to see if we can provide any further assistance;
  • to comply with any requirement of applicable laws or regulations;
  • to fulfil our obligations under any reporting agreement entered into with any tax authority or revenue service(s) from time to time;
  • to check your instructions to us;
  • to circulate attendee lists to other attendees of our events;
  • to monitor, record and analyse any communications between you or them and us, including phone calls to analyse, assess and improve our services to you, as well as for training and quality purposes;
  • to prevent or detect abuse of our services or any of our rights (and attempts to do so), and to enforce or apply this Policy and/or any other agreement and to protect our (or others') property or rights;
  • in the context of a sale or potential sale of a relevant part of our business, subject always to confidentiality obligations;
  • if instructed to do so by you or them or where you or they give us consent to the use and/or processing involved; and
  • to bring to your or their attention (in person or by post, email or telephone) information about additional services offered by us and/or the SH Group, which may be of interest to you or them, unless you or they indicate at any time that you or they do not wish us to do so.

Lawful grounds for using your information
We have described the purposes for which we may use information about you and your Client Business Personnel. We are permitted to process such information in this way, in compliance with the Data Protection Legislation, by relying on one or more of the following lawful grounds:

  • you or they have explicitly agreed to us processing such information for a specific reason;
  • the processing is necessary to perform the agreement we have with you or them or to take steps to enter into an agreement with you or them;
  • the processing is necessary for compliance with a legal obligation we have; or
  • the processing is necessary for the purposes of a legitimate interest pursued by us, which might be:
    (i) to ensure that our matters are well-managed;
    (ii) to prevent fraud;
    (iii) to protect our business interests;
    (iv) to ensure that complaints are investigated;
    (v) to evaluate, develop or improve our services; or
    (vi) to keep our clients informed about relevant services.

In relation to any processing of special categories of personal data, we will generally rely on obtaining specific consent in order to process such information, although it may be necessary for us to use certain information in order to comply with our legal obligations as a regulated entity (such as in relation to an alleged offence). Where you or your Client Business Personnel have consented to our processing of such information (including special categories of personal data) you or they may withdraw such consent at any time, by contacting us using the contact details set out in "Contacting Us" below. Please note, however, that in certain circumstances it may be still lawful for us to continue processing this information even where consent has been withdrawn, if one of the other legal bases described above is applicable.

Automated processing
We do not carry out automated decision-making or profiling in relation to our clients.

Information sharing

Sharing your information with others
We keep all client information confidential. However, in order to be able to service our clients' needs to the best of our ability, we may share any information you provide to us with SH Group entities and their agents, counterparties and support service or data providers, wherever located.

We may also provide third party service providers access to client information where they support or provide services to us. We will ensure that if we share information with, or provide access to, third party service providers, any such disclosure or access is at all times in compliance with Data Protection Legislation.
If you or your Client Business Personnel have provided information to SH Group entities those entities may also share that information with us.

The recipients, or categories of recipients, of your information, or information relating to your Client Business Personnel, may be:

  • any revenue service or tax authority, including HMRC, if obliged to do so under applicable regulations. For Common Reporting Standards and FATCA, we may also have to report your account(s) to the necessary tax authorities;
  • your other advisers (including, but not limited to, accountants or other professional advisers) where authorised to do so by you;
  • UK and overseas regulators, courts and authorities in connection with their duties (such as crime prevention);
  • fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. We and fraud prevention agencies may also enable law enforcement agencies to access and use your information to detect, investigate and prevent crime;
  • third party service providers who support or provide services to us;
  • attendees of our events where we circulate names, corporates names and corporate email addresses on an attendee list for our events;
  • anyone to whom we may transfer our rights and/or obligations under this Policy; and
  • any other person or organisation after a restructure, sale or acquisition.

If we, or a fraud prevention agency, determine that you and/or your Client Business Personnel pose a fraud or money laundering risk:

  • we may refuse to provide the services you have requested, or we may stop providing existing services to you; and
  • a record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you or them.

Sharing third party information with us
If any information which you, your Client Business Personnel provide to us relates to any third party, by providing us with such information you or they confirm that you or they have obtained any necessary permissions from such persons to the reasonable use of their information in accordance with this Policy, or are otherwise permitted to give us this information on their behalf.

Transferring your information outside the EU
Information about you, your Client Business Personnel in our possession may be transferred to other countries (particularly to the entities in the SH Group and their agents in different countries which may include countries outside the European Economic Area) for any of the purposes described in this Policy.
You and they understand and accept that these countries may have differing (and potentially less stringent) laws relating to the degree of confidentiality afforded to the information they hold and that such information can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, courts regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process. In addition, a number of countries have agreements with other countries providing for exchange of information for law enforcement, tax and other purposes.

When we, or our permitted third parties, transfer information outside the European Economic Area, we or they will impose contractual obligations on the recipients of that data to protect such information to the standard required in the European Economic Area. We or they may require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where:

  • the transfer is to a country deemed by the European Commission to provide adequate protection of your information;
  • you, your Client Business Personnel and Client Business Personnel have consented to the transfer, or
  • such transfer is otherwise permissible under Data Protection Legislation (for example if we are required to provide such information by law).

Your rights in relation to your information

General rights
You and your Client Business Personnel have a number of rights concerning the way that we use your information. You are responsible for ensuring that your Client Business Personnel are aware of these rights, which comprise:

  • to request access to, or a copy of, any personal data we hold about you or them;
  • to request the rectification of your or their personal data, if you or they consider that it is inaccurate;
  • to request the erasure of your or their personal data, if you or they consider that we do not have the right to hold it;
  • to object to your or their personal data being processed for a particular purpose or to request that we stop using your or their information;
  • to request not to be subject to a decision based on automated processing and to have safeguards put in place if you or they are being profiled based on their personal data;
  • to ask us to transfer a copy of your or their personal data to another party where technically feasible and otherwise required by applicable regulations;
  • to withdraw, at any time, any consent that you or they have previously given to us for our use of your or their personal data; or
  • to ask us to stop or start sending them marketing messages at any time.

Any request for access to or a copy of personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Legislation. We will comply with our legal obligations as regards any individual’s rights as a data subject.

If you would like to contact us in relation to any of the rights set out above please contact us using the contact details in the "Contacting Us" section below.

Retaining your information
We will only keep the information we collect about you and your Client Business Personnel on our systems or with third parties for as long as required for the purposes set out above or as required to comply with any legal obligations to which we are subject. This will involve us regularly reviewing our files to check that information is accurate and up-to-date and still required.

If you terminate your relationship with us, a matter comes to an end, we decline to act on a matter, or you decide not to go ahead with a matter, we may still keep your information.

Sending you marketing information
We and the SH Group may use your information from time to time to inform you and your Client Business Personnel by letter, telephone, text (or similar) messages, email or other electronic means, about similar services (including those of third parties) which may be of interest to you or them.

You and your Client Business Personnel may, at any time, request that we cease or do not send such information by one, some or all channels, by contacting us using the contact details set out below or by clicking "unsubscribe" for the relevant communication.

Contacting us
If you or any of your Client Business Personnel wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about data protection, or you wish to raise a complaint about how we are using your information you can contact us using the following details, or any other details notified to you from time to time:

  • Write to Stephenson Harwood LLP at 1 Finsbury Circus, London, EC2M 7SH or email info@shlegal.com or call +44 20 7329 4422. Please note calls may be recorded or monitored for training purposes;
  • Piraeus office: write to Stephenson Harwood LLP, 2nd Floor, Filellinon 2 & Akti Miaouli, 185 36 Piraeus, Greece, or call T: +30 210 429 5160;
  • Paris office: write to Stephenson Harwood AARPI, 48 rue Cambon, 75001 Paris, France, or call T: +33 1 44 15 80 00; and
  • Details of all our other offices are available on our website, www.shlegal.com.

If you and/or your Client Business Personnel have any concerns about our use of your or their information, you and they also have the right to make a complaint to:

  • the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK: Water Lane, Wycliffe House Wilmslow, Cheshire SK9 5AF, e-mail: international.team@ico.org.uk, website: https://ico.org.uk, helpline 0303 123 1113;
  • the Hellenic Data Protection Authority, which regulates and supervises the use of personal data in Greece: Kifisias Av. 1-3, PC 11523 Ampelokipi Athens, e-mail: contact@dpa.gr, website: http://www.dpa.gr/, telephone number: +30 210 6475 600; and
  • the Commission Nationale de l'Informatique et des Libertés – CNIL, which regulates and supervises the use of personal data in France: 8 rue Vivienne, CS 30223 F-75002 Paris, Cedex 02, website: http://www.cnil.fr/, telephone number +33 1 53 73 22 22.

We may make changes to this Policy and how we use your information in the future. If we do this, we will ensure that the version available on this website (www.shlegal.com) is the current version.

Version: May 2018

Website privacy notice

We at Stephenson Harwood LLP ("SH", "we", "us", "our") operate our website www.shlegal.com (the "Site"). "SH Group" means Stephenson Harwood LLP and other partnerships, corporations and undertakings which are authorised to carry the name "Stephenson Harwood"; and a "member of the SH Group" has a corresponding meaning.

It is important to us that we protect the privacy of personal information and for you to know what type of information we collect and how we treat information we may receive from you. We detail below how we collect personal information about you from your use of the Site.

This Privacy Notice forms part of our Website Terms and Conditions and the definitions in the Website Terms and Conditions also apply to this Privacy Notice.

The types of information we collect from you

We may collect and store the following types of personal information about you when you use the Site or by corresponding with us (for example, by email). This includes information you provide when registering to use the Site or sharing any data via our social media functions. The information given to us may include:

  • your title, name, your age, date of birth, your address, telephone number and your email address; 
  • other personal information including special categories of personal data (e.g. racial or ethnic origin, political opinions, religious or philosophical belief, trade union membership, genetic or biometric data, health, sex life or sexual orientation);
  • information in connection with communications you send us, for example to report a problem, recruitment queries and legal enquiries; and 
  • details of the functions and services you use on the Site.

Automated collection of information

Each time you use the Site, we may automatically collect the following types of information:

  • Technical information: For example, the type of internet browser and the operating system. We use this information to help provide a good user experience on the Site.
  • Log information: For example, the details of the use of the Site by you, the visits to the Site and traffic data. We use this information to help us understand how users use the Site and to improve user experience.

Legal basis for processing

Our processing of your personal information is necessary: (i) for the performance of contracts to which you will be a party and in order to take steps at your request prior to you entering into those contracts; and (ii) for the purposes of legitimate interests pursued by us.

Legitimate interests
Our processing of your personal data is necessary for the purposes of legitimate interests pursued by us, namely: (i) collecting user information to provide you with a safe, smooth, efficient and customised experience; (ii) to make sure you receive updated information on SH's business activities; (iii) to provide the services you have requested and to provide them efficiently; (iv) to ensure that the content on the Site is presented in the most effective manner for you and your device; (v) to allow you to participate in any features on the Site when you choose to do so; and (vi) for our own marketing and research.

Purposes of processing and use of your personal information

We may use your personal information specifically to:

  • subscribe you to our newsletters or updates; 
  • consider your application where you have applied for a position with us; and 
  • tell you about our services and provide you with targeted marketing in relation to our services.

If you are an existing user of our services, we may only contact you with information about services similar to those we provide. If you are a new user of our services, we may contact you with information about our services more generally.

Disclosure of personal information

Except as expressly set out in this Privacy Notice we do not share, sell, or lease personal information about you to any third parties for their marketing use.

We may disclose personal information to provide our services, respond to legal requirements, enforce our policies and protect our rights and property. The personal information you provide to us may also be shared with the SH Group if this is necessary to provide you with our services, respond to your inquiries or for any other related purposes.

We may also provide third party service providers access to information where they support or provide services to us. We will ensure that if we share information with, or provide access to, third party service providers, any such disclosure or access is at all times in compliance with data protection legislation.

We may also share your personal information with:

  • the SH Group;
  • third parties who support our information technology or handle mailings or events on our behalf;
  • law enforcement agencies, other governmental agencies or third parties if we are required by law to do so, or in other limited circumstances (for example if required by a court order or regulatory authority, or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Site, our technology assets or the rights, property or personal safety of any person); and
  • other business entities should we plan to merge with or be acquired by that business entity, or if we undergo a re-organisation with that entity.

Your rights

You have a number of rights concerning the way that we use your information. At any time, you have the right to:

  • request access to or a copy of any personal data we hold about you;
  • request the rectification of your personal data, if you consider that it is inaccurate;
  • request the erasure of your personal data, if you consider that we do not have the right to hold it;
  • object to your personal data being processed for a particular purpose or to request that we stop using your information;
  • request not to be subject to a decision based on automated processing and to have safeguards put in place if you are being profiled based on your personal data;
  • ask us to transfer a copy of your personal data to you or to another service provider or third party where technically feasible; and
  • ask us to stop or start sending you marketing messages at any time by using the below contact details.

Any request for access to or a copy of your personal data must be in writing and we will endeavour to respond within a reasonable period and in any event within one month in compliance with applicable data protection legislation.

Security and storage of your information

Although we maintain physical, electronic, and administrative safeguards to protect your personal information from unauthorised or inappropriate access, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your personal information transmitted to us or provided though the Site.

Personal information that you submit may be sent to, and stored on, secure servers owned by or operated for us. If we collect personal information about you through the use of the Site we will only retain that information for as long as is reasonably necessary to fulfil the activity requested, or as may be required by law.

Your personal information may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") and may also be processed by staff operating outside the EEA who work for us, the SH Group, or for one of our service providers.

When we, or our permitted third parties, transfer your information outside the European Economic Area, we or they will impose contractual obligations on the recipients of that data to protect your information to the standard required in the European Economic Area. We or they may also require the recipient to subscribe to international frameworks intended to enable secure data sharing. In the case of transfers by us, we may also transfer your information where: (i) the transfer is to a country deemed by the European Commission to provide adequate protection of your information; (ii) where you have consented to the transfer; or (iii) where such transfer is otherwise permissible under data protection legislation (for example where we are required to provide such information by law).

Certain features of the Site will allow for social networking. You should ensure when using these features that you do not submit any personal data that you do not want to be sent, collected or used by other users, such as profile details or email address.

Opt-Out

You also have the option of "unsubscribing" from our mailing list for newsletters, alerts and updates at any time, thereby disabling any further such email communication from being sent to you. To unsubscribe just send an email to info@shlegal.com with the word 'remove' in the subject line and the email address that you wish to be removed within the email. In addition, each electronic mailing we send you will contain details of how you can unsubscribe.

Please note that it may take up to 28 days to action your request.

Automated processing

We do not carry out automated decision-making or profiling in relation to your personal information.

Cookies

Our use of cookies
SH set and access cookies and similar technology on your device to obtain information about how you access and use the Site. This helps us to provide you with a good experience and allows us to improve the Site. Unless you have adjusted your browser settings so that it will refuse cookies, the Site will set cookies when you load and navigate them.

Web tracking
If you click through from one of our emails or landing pages to our website we use additional cookies on our website to connect your e-marketing journey with your website journey. This is to help us to provide you with the best user experience and relevant content across our digital marketing channels.

The following cookies are used:

Name

Source

Purpose

Expiry

{Your Back-end Vuture URL}_VxSessionId

Vuture

Track your website journey

Session Cookie: expires as soon as you navigate away from the page

intEmailHistoryId

Vuture

Connect your e-marketing journey with your website journey

1 year

ASPSESSIONID?????

ASP.net

To uniquely identify your visit

Session Cookie: expires as soon as you navigate away from the page

 

If you would like to disable the use of the above cookies, you are able to do so in your browser and there will be no change in your user experience.

What are cookies?
Cookies are text files containing small amounts of information which are downloaded to your device when you visit a Site. Cookies are then sent back to the originating Site during your browsing session or on each subsequent visit, or to another Site that recognises that cookie. The cookies we set do lots of different jobs, such as to help us to improve the Site and deliver a better and more personalised service, remember your preferences, and generally improve the user experience. You can find more information about cookies at http://www.allaboutcookies.org/.

Cookies can be categorised in accordance with the categories found in the ICC UK cookie guide as set out below:

  • Strictly necessary cookies – these cookies are essential in order to enable you to move around a Site and use its features and enable services you have specifically asked for. Consent is not generally required for these cookies.
  • Performance cookies – these cookies collect information about how visitors use a Site (for example, by recording which pages or features visitors use most often (usually on an anonymous basis)).
  • Functionality cookies - these cookies allow a Site to remember the choices a user makes, such as a user name or language preference.
  • Targeting or advertising cookies - these cookies collect information about a user's browsing habits and are usually placed by advertising networks with the Site operator’s permission.

Cookies can also be categorised in accordance with how long they are saved on your device: "session cookies" are short-term cookies that are only saved on the device's memory for the duration of a user's visit to the Site, whereas "persistent cookies" remain saved in the device's memory for a set period of time, even after the browser session has ended.

Refusing or restricting cookies

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. The "Help" or "Internet Settings" functions within your browser should tell you how. Alternatively, you may wish to visit http://www.allaboutcookies.org/ which contains detailed information on cookies and how to delete, restrict or block them on a wide variety of browsers. For information on how to do this on the browser of your mobile phone you will need to refer to your handset manual.

Please be aware that if you select to refuse or restrict cookies you may be unable to access certain parts of the Site.

Contacting us

If you have any questions about this Privacy Notice, please contact us at info@shlegal.com, on +44 20 7329 4422 or alternatively at 1 Finsbury Circus, London EC2M 7SH.

If you have any concerns about our use of your information, you also have the right to make a complaint to the Information Commissioner's Office, which regulates and supervises the use of personal data in the UK, via their helpline on 0303 123 1113.

Changes to this Notice

We may amend this Privacy Notice at any time by posting the amended terms on the Site and in our App. All amended terms will automatically take effect immediately on posting. Please check this Privacy Notice periodically to inform yourself of any changes. If you do not accept the changes made to this Privacy Notice you should immediately stop using the Site.

Version: May 2018

print-footer
logo
© Stephenson Harwood LLP 2016. Any reference to Stephenson Harwood in this document means Stephenson Harwood LLP and/or its affiliated undertakings. Any reference to a partner is used to refer to a member of Stephenson Harwood LLP.