WEDLAKE BELL PRIVACY NOTICE
Last updated: 30 March 2023
This privacy notice (notice) explains how we, Wedlake Bell LLP, WB Global Limited, Outsourced Data Protection LLP t/as ProDPO and our associated entities listed in the schedule at the end (we, us, our) process your personal data if you use our services or otherwise engage with us online or offline.
If you have any question about your data protection rights or if you do not understand anything explained in this notice, please contact us by email to firstname.lastname@example.org.
1. WHO DOES THIS PRIVACY NOTICE APPLY TO?
This notice applies to:
- users of our website, online content and features
- our clients and prospective clients and subjects and concerned parties of our legal services, such as our client’s family members, beneficiaries of a trust, counterparties in a transaction or dispute and others
- our suppliers and business partners
- job applicants
- anyone else who interacts with us, if you call, email or visit us or otherwise engage with us online or offline
This notice applies to you if you act in your personal capacity, for example, as our client, and if you act in your professional capacity, for example, as an employee or agent of our service provider or corporate client.
2. WHAT TYPES OF PERSONAL DATA DO WE PROCESS?
“Personal data” means any information that identifies you or relates to you.
We will process the following personal data about you:
- Contact information including your home and business address, telephone, email and similar information.
- Engagement information in relation to our communications, online properties and content including open rates, click rates, view rates, active time spent, ‘likes’ on social media platforms, such as Twitter or LinkedIn, survey and feedback data, indication of your status as app user (e.g. online, offline, do not disturb, etc.) and similar information.
- Financial information including your bank details, payment details, VAT and other tax information, assets, liabilities, billing address and similar information.
- General information including your name, job function, date of birth, nationality, gender, marital status, passport or national identity card details, tax status, countries of domicile and residence, immigration status, image, details of your enquiry or communication and similar information.
- Profile information including your demographic information from our analytics and advertising partners, your preferences and interests known, observed or inferred by using analytics, advertising or other tools and sources including notes of your past interactions with us.
- Public information from public registers, databases, social media, the Internet and similar sources.
- Security information including CCTV footage, swipe card records, logs, network monitoring and logging data, antivirus scan and similar information.
- Special categories of personal data including your race, ethnic origin, religious or philosophical beliefs, sexual orientation, political or trade union affiliation and information about your health.
- Technical information including online identifiers, internet protocol (IP) address, details of operating system, browser type, language, time zone setting, location, date and time of access, local storage data and similar information obtained from your device, browser, an API or similar source.
- Usage information about how you navigate and engage with our online services, features including online activity data such as downloads, clickstream data with URLs visited previously, page interaction, such as scrolling, clicks, and mouse-overs, methods used to browse away from our website, information in security logs and similar information
- Your background information including your general information, contact information and financial information obtained from you, public information and background information obtained from third parties such as identity, criminal record, credit or background check vendors, former employers or clients and similar information.
3. DATA ACCURACY
We will trust that your personal data is accurate, complete and up to date. We ask that you keep us informed of any changes.
4. HOW IS YOUR PERSONAL DATA COLLECTED?
We collect your personal data as follows:
- From you, when you contact us, complete our AML & KYC process, sign up online, view our online content, use our online platform, visit our offices and otherwise.
- From devices, when you open our email or navigate our website, content and features or when you are captured by our CCTV.
- From third parties, such as our client, counterparty, your associate or partner, credit reference or background check agencies, recruitment agencies, referees, social media platforms and other third parties.
- From the public domain, such as information on social media, the Internet, Companies House or other public records.
If you provide information about others, please ensure you have their consent to do so or let us know if you do not.
5. WHY DO WE PROCESS YOUR PERSONAL DATA?
This section explains what personal data is necessary for each purpose. We keep our processes and data collection under review and will update this notice should any personal data no longer be necessary for the given purpose.
If you fail to provide information to us this may affect our ability to provide our services or to act for you. For example, we have a legal obligation to obtain your proof of identity for AML & KYC purposes.
The “lawful basis” column explains how we comply with a technical legal justification for data processing under data protection laws. Please contact us if you have any questions.
|Purpose||Personal data||Lawful basis of processing|
|To assist with your enquiry.||general information contact information||Necessary for our legitimate interest in responding to enquiries and complying with best practice or, as the case may be, necessary for taking steps prior to entering into a contract or the performance of our contract with you.|
|To onboard you as our client, including AML (anti-money laundering) checks for the purposes of preventing money laundering or terrorist financing, KYC (know your customer) checks, due diligence and a conflict check for each new matter.||your background information client file||Necessary for taking steps prior to entering a contract or the performance of our contract with you as our client, compliance with our legal obligations and the performance of a task carried out in the public interest.|
|To provide legal services to you.||general information contact information client file||Necessary for the performance of our contract with you, compliance with our legal obligations such as under the Code of Conduct for Solicitors andto satisfy our legitimate interest in understanding your needs and providing a relevant service.|
|To provide our website and online services to you and the general public including our website, content and features.||technical information||Necessary for our legitimate interest in providing our online services to our clients and the public and complying with best practice, the performance of our contract with you as our client and compliance with our legal obligations.|
|To provide to you online collaboration tools such as our data room, video conference app and similar online platform services provided by third parties.||any personal data uploaded by you or provided during your use of such platform||Necessary for our legitimate interest in providing our online services to our clients, the performance of our contract with you as our client and compliance with our legal obligations.|
|To handle your funds as is necessary in connection with your legal matters, including sharing your information with our banks and other financial services providers to set up a client account and carry out compliance checks.||general information contact information financial information your background information||Necessary for the performance of our contract with you, compliance with legal obligations andto satisfy our legitimate interest in enabling banks and financial services providers to comply with their regulatory obligations and following best practice.|
|To send you service communications about matters relevant to your use of our services and your engagement with us, changes in our terms, transaction records, surveys and other feedback requests, etc.||general information contact information engagement information||Necessary for the performance of our contract with you and our legitimate interest in understanding our clients needs and views about our services and keeping them informed.|
|To send you relevant marketing communications about our services, such as our events and insights.||contact information profile information||Necessary for our legitimate interest in promoting our experience and knowhow. You have the right to unsubscribe from marketing at any time.|
|To enable you to attend our events and enquire about your accessibility and dietary requirements.||profile information engagement information special categories||Necessary for our legitimate interest in promoting our services, ensuring participant satisfaction and as necessary for compliance with legal obligations and fulfilling our duty of care.|
|To assess your job application and for business administration purposes. For example, if you apply for a job, we will review your CV, publicly available information about you, information from your previous employers, professional references, criminal and credit check and other information. We may use automated decision-making to eliminate applicants who fail to meet the basic criteria for a role.||general information contact information profile information public information your background information||Necessary for our legitimate interest in responding to you query and, as the case may be, necessary for taking steps prior to entering into a contract. Special categories data may be processed as is necessary in the context of employment and social security laws.|
|To understand our audiences, client profiles and service provider profiles to inform practice area strategy and content creation, for service development, research, marketing, and business administration. For example, we will use online analytics tools to understand our client demographics on an anonymous basis. We will collect information about your engagement with our marketing communications to gauge your interests. We will combine information from different sources to understand your profile.||anonymised or pseudonymized information general information contact information profile information public information engagement information technical information usage information||Necessary for our legitimate interest in understanding our typical client profiles and demographics for business development, service development, research, marketing and administration. Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services (please see the cookie section below).|
|To introduce you to third parties who may provide additional services or information if you requested such referral.||general information contact information||Necessary for our legitimate interest in providing a relevant service and business development.|
|To ensure the proper administration of our organisation, including to: keep appropriate records;resolve complaints;conduct troubleshooting;enforce our terms; debt collection; andsimilar purposes.||all personal data as is necessary and proportionate||Necessary for compliance with our legal obligations,to establish, exercise or defend legal claims and necessary for our legitimate interest in the proper administration of our organisation and services and protecting our reputation.|
|To ensure the physical security of our premises. To ensure information security ofour website, content, features and communication channels.||general information security information||Necessary for our legitimate interest in ensuring the security of people, our business and corporate assets, compliance with our contractual obligations, and as necessary for compliance with our legal obligations.|
|To ensure your health and safety at our premises or to make reasonable adjustments on account of your disability.||general information special categories||Necessary for our legitimate interest in ensuring good accessibility at our premises and complying with best practice, compliance with our legal obligations and in the substantial public interest.|
|To engage our third party service providers who may process your personal data on our behalf to facilitate the provision of our services and the fulfilment of essential service functions which we cannot fulfil ourselves, such as hosting, cloud storage, but also partners who process data for their own purposes and provide linked services such as communications, recruitment platforms and others.||all personal data as is necessary and proportionate||Necessary for our legitimate interest in providing meaningful and helpful features and services.|
|To detect or prevent crime, breach of contract or unethical behaviour.||All personal data as is necessary and proportionate||Necessary for our legitimate interest in protecting people, our business and corporate assets and detecting and preventing crime, and compliance with our legal obligations.|
|Processing and sharing your personal data for legal and regulatory compliance including health & safety requirements, fiscal and tax obligations, solicitor conduct and similar requirements. For example, there are certain tax reporting regimes in relation to trustees, settlors and beneficiaries including under various international reporting standards which have been incorporated into English law. Under these regimes, HMRC may share information from our reports with authorities in third countries.||All personal data as is necessary and proportionate||Necessary for compliance with our legal obligations or for our legitimate interest in complying with best practice.|
|Processing and sharing your personal data in connection with legal claims, law enforcement or regulatory requests, orto demonstrate that we have fulfilled our duty of care owed to you.||All personal data as is necessary and proportionate||Necessary for compliance with our legal obligations, to establish, exercise or defend legal claims or for our legitimate interest in complying with best practice.|
We will update you about any new purposes of processing of your personal data from time to time. We may process your personal data for other purposes which are compatible with the existing ones. However, we will obtain your prior consent for any new purpose where required by law.
6. WHO IS YOUR PERSONAL DATA DISCLOSED TO?
We may share your personal data with the following third parties:
- The subject or object of our legal services, in accordance with our instructions, such as our client’s family member or a counterparty in a transaction or dispute
- Our contact where you have asked for a referral
- Our associated entities
- Background checking and credit referencing agencies, the Disclosure and Barring Service and identity check vendors
- Your bank if we make a payment to you
- Our bank if we make a payment to you or set up a client account for you
- Our service providers and partners in the context of the relevant services
- Recruitment agent, your former employer, client or other person proving a reference about you
- HMRC, Solicitors Regulatory Authority, Information Commissioner’s Office, the Police and other law enforcement authorities and other authorities where required by law or best practice
- The public if you interact with us on social media or as required by law, e.g. to publish your details on Companies House or other public register
- Third party where ordered by the court or necessary in establishing, exercising or defending legal claims
- Another firm or organisation in case of a sale or acquisition of our business or upon partner move from or to another firm
7. HOW DO WE SECURE YOUR PERSONAL DATA?
We have put in place appropriate organisational and technical measures to safeguard your personal data that we keep on premise or on our systems.
We seek to ensure our third-party service providers do the same. We only appoint service providers under appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.
No system is completely secure and we cannot fully guarantee the security of your personal data. We will deal with any personal data breach in accordance with our incident response procedure and will notify you and the regulator where we are legally required to do so.
Our staff undergo training on confidentiality and access to your personal data is restricted on a “need to know” basis.
8. HOW LONG IS YOUR DATA KEPT?
We will retain your personal data for as long as it is necessary for the purposes set out above. Generally, the following retention periods will apply. However, the actual data retention period may be shorter or longer as it will depend on statutory, legal and practical requirements.
|CCTV||30 days from your visit to our premises or as long as necessary for any investigations|
|Client files||Between 6 and 80 years from client file closure, depending on matter and engagement type|
|Client Relationship records||6 years from last update|
|Financial transaction||6 years following transaction|
|KYC and AML compliance||6 years following client file closure|
|Recruitment||Between 6 months and 3 years from application, depending on application type|
|Technical and Usage Information||6 years from creation|
After the retention period, your personal data will either be securely deleted or anonymised, and it may be used for analytical purposes.
9. WHERE WE STORE YOUR PERSONAL DATA
Generally, your personal data will be held in the UK.
However, we may use or make available tools which require the transfer of your personal data outside the UK. In these cases, we will satisfy ourselves that your data protection rights are adequately protected by appropriate technical, organisational and contractual safeguards in accordance with data protection laws before any such transfer.
If you would like us to stop sending you marketing communications and to process your personal information for direct marketing purposes, please contact us.
You can request to stop receiving our marketing communications at any time by clicking on the unsubscribe link at the bottom of each marketing message and we will add you to a suppression list or otherwise arrange that you no longer receive marketing communications.
11. YOUR RIGHTS
Subject to certain exemptions, you have the following rights in relation to your personal data:
- Right to information about matters set out in this notice. You may also contact us for further details about our data retention policy, international data transfers and other matters that are unclear.
- Right to make an access request to receive a copy of your personal data held by us.
- Right to rectification of any inaccurate or incomplete personal data.
- Right to withdraw consent previously provided.
- Right to object to our processing of personal data based on our legitimate interests.
- Right to erasure of personal data that is no longer needed.
- Restriction on the processing of personal data.
- Right to human intervention in respect of any automated decision-making without human involvement that significantly affected you.
- Right to data portability from one service provider to another, where applicable.
- Right to lodge a complaint with the Information Commissioner’s Office.
All requests will be processed without undue delay and no later than within one month. If we cannot process your request within this period, we shall explain why and process it as soon as possible thereafter.
12. DATA PROTECTION OFFICER
Our Data Protection Officer can be contacted by post to Wedlake Bell LLP, Data Protection Officer, 71 Queen Victoria Street, London, EC4V 4AY or by email.
13. THIRD PARTIES MAY PROCESS YOUR PERSONAL DATA
Our website, content and features may involve the use of third party services, social media platforms such as Twitter or LinkedIn, digital video and audio services such as YouTube or Spotify and other third party services.
We will also share your personal data with third parties, such as credit reference agencies, payment services providers, public authorities and others who process your personal data for their own purposes.
You should check the privacy statements of these third parties and we are not responsible for how they may process your personal data. Please note some of them may use your personal data for business administration, product development or advertising purposes.
14. UPDATES TO THIS NOTICE
If we make any changes to our notice, you will be able to see them on this page, as indicated by the “Last updated” date at the top.
If any such changes significantly affect you, we will ask for your prior consent where we are required to do so by law.
SCHEDULE: GROUP AFFILIATES
|Entity||Entity Registration||ICO Registration||Registered Office Address|
|Bedford Trust Corporation Ltd||A limited liability company registered in England and Wales under registered number 13083442.||ZB238056||71 Queen Victoria Street, London, EC4V 4AY England|
|Outsourced Data Protection LLP t/as ProDPO||A limited liability partnership and registered in England and Wales under registered number OC417574.||ZA298380|
|W B Trustees Limited||A limited liability company registered in England and Wales under registered number 01335857.||ZB325647|
|WB Global Limited t/as iGlobal Law||A limited liability company, authorised and regulated by the Solicitors Regulation Authority, and registered in England and Wales under registered number 08181382.||Z3552356|
|Wedlake Bell LLP||A limited liability partnership, authorised and regulated by the Solicitors Regulation Authority, and registered in England and Wales under registered number OC351980.||Z5854264|
|Wedlake Bell Pension Trustees Limited||A limited liability company, authorised and regulated by the Solicitors Regulation Authority, and registered in England and Wales under registered number 02758590.||ZB325882|