Who we are
WANNOPS LLP (‘Wannops’), South Pallant House, 8 South Pallant, Chichester, West Sussex, PO19 1TH is a limited liability partnership registered at Companies House with registration number OC370590.
Wannops is committed to respecting and protecting the privacy of all visitors to its website (the ‘website’) and of its clients and contacts. In this document we refer to Wannops as ‘we’ ‘us’ and ‘our’.
Please read this policy to understand how we collect, use store and protect the personal information that you provide to us or that we obtain or hold about you and to understand your privacy rights are in relation to the personal information that we hold about you.
Do you need extra help?
If you would like this document in another format (for example: audio, large print, braille) please contact us (see ’Contacting Us’ below).
Wannops is the data controller for your personal data, unless we notify you otherwise. This means that Wannops is responsible for determining the purposes for which, and the manner in which, your personal information is collected, used, stored and protected.
Adam Workman is the partner who is responsible for overseeing compliance with this policy and for dealing with all data privacy matters.
You may contact us at Wannops LLP, South Pallant House, 8 South Pallant, Chichester, West Sussex, PO19 1TH or telephone 01243 778844.
Alternatively, any questions or comments about this policy or the way in which we use your personal information or any requests in relation to your rights or any concerns about the use of your personal information may be addressed to us at firstname.lastname@example.org
Contacting the Regulator
We hope that we can resolve any query or concern you raise about our use of your information but in the event that we do not do so to your satisfaction you can contact the Information Commissioner’s Office (‘ICO’) for information, advice or to make a complaint via its website https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Our website may, from time to time, contain links to and from third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy policies.
For privacy information relating to those other third party websites, please consult their own privacy policies as appropriate.
Our website is not intended for use by children.
Our collection and use of your personal information
There are a number of ways in which we may collect your personal information:-
- We may automatically collect technical information about you when you visit our website, such as your IP address (a series of numbers that identifies a computer, mobile or other device on the internet), login data, marketing preferences, browser type and version, or browsing activity while on our website (see’ Cookies’ below), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We will use this information to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to improve our website to ensure that content is presented in the most effective manner for you and for your computer. It may also be necessary to allow you to participate in interactive features of our service, when you choose to do so, or as part of our efforts to keep our website safe and secure, or to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- You may provide contact information and identity information directly when making an enquiry through our website or contacting us by telephone / email or otherwise and asking us to contact you, such as your name, title, address, telephone number and/or email address and any other information you provide when you register to use our site, subscribe to or request information about our services, book you onto a course or an event, request marketing information be sent to you, provide us with feedback, or when you report a problem with our website.
- When you visit any of our offices which usually have CCTV systems operated for the security of both staff and visitors, we may collect identity information as these systems may record your image during your visit.
- If you ask us to provide an estimate of costs for legal work, or if we provide you with free initial advice or you enter into a contract with us or become a client of the firm, or we are asked to undertake the necessary steps prior to you become a client of the firm or before entering into a contract with you, you may be asked to provide us with contact information so that we may introduce you to our expert lawyers, administer any application you might make, and identity information to verify your identity e.g. your address, date of birth, passport details, or photo driver’s licence details, and transactional information (details about your matter and circumstances) as well as contact information for you and other parties to the matter along with any additional information that we consider relevant as part of your instruction so that we may provide legal services.
- We may need to collect financial information, for example if we receive monies on your behalf such as proceeds from a property that you sell we may also ask for bank details to transfer those monies to you.
- We may collect information about you from publicly available sources, for example from Companies House, HM Land Registry or the Electoral Register.
- We may also receive information about you from third parties such as other law firms, insurers, estate agents, accountants, banks, surveyors, medical professionals, courts, regulatory bodies and other advisors and specialists. Our clients and matter contacts may also provide us personal information about you if you are involved in a transaction or dispute with one of our clients or have a connection with them such as being a tenant or employee of a client.
- Depending on the nature of the work that we are undertaking, we may in certain cases collect special categories of personal data (this includes details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We may in certain cased also need to collect information about criminal convictions and offences.
- We may combine this information we receive from other sources with information you give to us and information we collect about you. We may use the combined information for the purposes set out above (depending on the types of information we receive).
Our legal basis for processing your personal information
When we use your personal information we shall only use it for the purpose it was collected and where we have a legal basis for doing so. There are various different legal bases on which we may rely, depending on what personal information we process and why and we may rely upon more than one legal basis for which we are using your personal information. Please contact us if you need details about the specific legal grounds we are relying upon to process your personal information.
We may process your data with your consent, for example where you make a legal assistance enquiry through our website and ask us to contact you or you consent to certain marketing activities.
We may process your personal information in order to carry out any contractual obligation arising from any agreements entered into between you and us, including any steps necessary before entering into a contract and / or to provide you with information and services that you request from us.
We may have a legal obligation (not including contractual obligations) to process your data, for example in carrying out anti-money laundering checks or where we are obliged to pass on details of people suspected of being involved in money laundering to law enforcement.
We may need to proceed your personal data to protect your vital interests e.g. if you were unfortunate enough to fall ill or suffer an injury on our premises
We may also process your data to pursue our legitimate interests i.e. in a way which might reasonably be expected in the course of conducting or managing our business for example to advise you of legal updates or tell you about our services that we think may be of interest to you or to administer, support improve and develop our business generally, make our systems and procedures more efficient and secure and to give you the best service and the best and most secure experience.
We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). If you have any questions concerning how we assess our legitimate interests against any potential impact on you in respect of specific activities you can contact us at email@example.com
If we process any special categories of information (i.e., details about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) we must have a further lawful basis for the processing. This may include where:-:
- you have given us your explicit consent to do so e.g. to cater for your medical or dietary needs at an event
- it is necessary to protect your vital interests or someone else’s vital interests
- you have made the information public
- it is necessary for the establishment, exercise or defence of legal claims
- it is necessary for reasons of substantial public interestg. to undertake activities in relation to the prevention or detection of fraud or other unlawful or dishonest activities.
If we process any information relating to your criminal convictions or offences, we will typically rely on one of the following lawful bases:
- preventing or detecting unlawful acts
- complying with our regulatory requirements in relation to unlawful acts or dishonesty
- dealing with suspicions of terrorist financing or money laundering
- where it is necessary for us to obtain or provide legal advice or establish, exercise or defend legal rights.
We will not use your personal information otherwise than is permitted by law nor in any way that is inconsistent with the original purpose(s) for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at any time.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your consent, in compliance with the above rules, where this is required and permitted by law.
Who we share your personal information with
We may in certain circumstances share your personal data with third parties.
Where we transfer information to third parties to enable them to process it on our behalf, we ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.
Third parties to whom we may in certain circumstances need to transfer your personal data to may include:-
- members of our group, including subsidiaries, and our ultimate holding company or limited liability partnership.
- service providers acting as processors who provide IT and system administration services, analytics and search engine providers that assist us in the improvement and optimisation of our website.
- HM Revenue & Customs, Courts and Tribunals, regulators and other authorities, law enforcement or fraud prevention agencies acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- lawyers, experts, brokers, agents, bankers, auditors and insurers who provide consultancy, broking etc, banking, legal, insurance and accounting services.
- organisations or professional advisors with whom we are working on client matters or to whom we are referring you for additional or separate advice. If you agree to act as a referee for us in relation to other legal work for which we are tendering, we will only do this with your prior permission.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Some of third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfers of your personal information out of the EEA’.
Transfers of your personal information out of the EEA
Some of the information you provide to Wannops will be held on our computers in the UK and will only be accessed by or given to our staff (or staff of Wannops’ partners or affiliates) working in the UK.
Information you provide to Wannops may also be transferred to, stored and processed by third-party organisations which process data for us and on our behalf such as third-party IT platforms (including cloud-based platforms), suppliers of administrative and support services, and suppliers of other specialist products. These third parties may be based (or store or process information) in the UK or elsewhere including outside of the EEA.
Any transfer of your personal information will be subject to appropriate safeguards as permitted under the GDPR or such other relevant applicable laws that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information.
Please contact us at firstname.lastname@example.org if you would like further information about the specific mechanism used by us when transferring your personal data outside of the EEA
Under applicable data privacy laws you have a number of important rights. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- request access to your personal data (commonly known as a ‘data subject access request’) and to certain other supplementary information. This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
- request correction of the personal information we hold about you. This enables you to correct any inaccurate or out of date data we hold about you, though we may need to verify the accuracy of the new data you provide to us.
- request erasure of personal information concerning you in certain situations. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal or legitimate business reasons which will be notified to you, if applicable, at the time of your request.
- request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- request transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- withdraw consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Note, however, that we have a specific legal or legitimate business reason to continue to process your personal data even though you may not consent to such processing. This will be notified to you, if applicable, at the time of your request.
- object to automated decision making. Decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you.
- Object to processing of your personal data for direct marketing (see ‘Marketing’ section below) or in certain other situations. Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
For further information on each of those rights, including the circumstances in which they apply, guidance is available from the ICO https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Exercising your rights
To protect the confidentiality and security of your information, we will ask you to verify your identity before proceeding with any request you make under this policy. If you would like to exercise any of the rights outlined in this policy, please:
- email, call or write to us at the above
- provide enough information to identify you
- provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- provide the information to which your request relates including any client or reference numbers, if you have them.
Responding to your requests
We shall try to respond to all legitimate requests within one month of you providing us with proof of your identity and any additional information we may require in order to speed up our response to your request. Occasionally it may take us longer than a month if your request is particularly complex or you have a number of requests. In this case, we will notify you and keep you updated.
You will not generally have to pay a fee to access a copy of your personal data (or to exercise any of your rights). However, in certain circumstances we may be entitled to charge a reasonable fee to meet our costs in providing you with details of the information we hold about you, for example where your request is clearly unfounded, repetitive or excessive. In such circumstances we may also be entitled to refuse to comply with your request.
Keeping us Informed
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
If you fail to provide personal data
Where we need to collect personal data by law, or under a contract we have with you and you fail to provide information when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the terms of engagement which you have with us but we will notify you if this is the case at the time.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Whenever we collect or process your personal data, we will only store it for as long as is necessary for the purpose for which it was collected including for the purposes of satisfying any legal, accounting, or reporting requirements.
For information on our retention of information policy you can contact us at email@example.com
To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Information) for six years after they cease being clients for tax, and regulatory purposes.
In some circumstances you can ask us to delete your data; see ‘Your Rights’ above for further information.
A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you visit a website. Cookies help websites to perform certain functions e.g. to know who you are if you log into a restricted part of a website, or for tracking purposes.
If you do not want to receive cookies, you can usually reject them in your browser settings provided they are not necessary for the delivery of a website or its services.
Information gathered through cookies and similar technologies are used to measure and analyse information on visits to our websites, to tailor the websites to make them better for visitors and to improve technical performance. We will not use the data to identify you personally or to make any decisions about you.
We may where you have provided consent or it is in our legitimate interest to do so and provided it is permitted by applicable laws, send you information about our services which may be of interest to you.
Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email, or telephone.
We may send you marketing communications if you have requested information from us or purchased services from us or if you provided us with your details and, in each case, you have not opted out of receiving marketing communications from us.
We wish to ensure that you receive the information that you wish to receive in the way you want to receive it. If you no longer wish to be contacted in this way you may opt-out or amend your preferences by emailing us at firstname.lastname@example.org at any time.
We will never sell your information to third party marketing companies.
For more information on your rights in relation to marketing, see ‘Your Rights’ above.