Privacy Notice

Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.

Who we are?

Antony Clapp Solicitors is a trading name of ACS Legal Limited, which is a private company limited by shares registered at Companies House under company number 08810376.

Our registered offices are Holly Bank Chambers, Oasts Business Village, Red Hill, Wateringbury, Kent ME18 5NN.Phone: 01622 815940 email:enquiries@antonyclapp.co.uk.

ACS Legal Ltd collects, uses and is responsible for personal information about you. When we do this we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.

What do we do with your information?

Whose data do we hold?

We may hold data about the following people:

  • Clients

  • Suppliers and service providers

  • Petitioners and Respondents

  • Complainants

  • Enquirers

  • Advisers, consultants and other professional experts

  • Employees

Information collected by us

When carrying out legal services in relation to a client matter we collect personal information that you provide to us. This may be:

  • Identity and contact information

  • Personal details

  • Family details

  • Lifestyle and/or social circumstances

  • Financial details

  • Business contact and activities

We may also collect ‘special category’ information such as:

  • Physical and mental health

  • Racial or ethnic origin

  • Religion or philosophical belief

  • Sex life or sexual orientation

  • Criminal convictions

When carrying out recruitment activities we collect full name, email and postal address, phone number and other relevant information provided by you on your CV, application form or letter.

Information collected from other sources

As a matter of routine in relation to managing a client matter, we will also receive personal information regarding a spouse/partner via the Solicitor and/or Practice representing them.

As part of Anti-Money Laundering legislation requirements, we will undertake a web-based AML check on all new clients. This information is sourced from suppliers such as BT, Royal Mail, HM Treasury, OFAC, Creditsafe, Equifax, Experian, Lawyer Checker and LexisNexis.

We may process information contained in any enquiry you send us via our website or any company email address. Enquiry data may include your name and email address, plus any details you provide to us to support your enquiry.

We collect information about your use of our website through cookies. Cookies are information that files stored on your computer, tablet or smartphone access to help websites remember who you are, as well as information about your visit. This helps us understand how you engage with our site and is processed through Google Analytics. The site usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths.

We also use third-party cookies to allow you to share content directly on social networking/sharing sites like Facebook, Twitter or LinkedIn. Examples would be if you wanted to “like” or “tweet” about an article we have written on our blog. Additionally, we use third-party cookies for tracking online transactions. The third-party’s processing of data is based on "legitimate interest" in accordance with Art. 6 (1) f of GDPR. The data that they use for tracking is pseudonymous, insensitive, largely technical and is not related to behaviour, statements or evaluations of consumer interests or personalities.

For example, a tracking cookie would collect the following data (among others):

  • IP address (hashed)

  • Click reference

We may also use internet-based people finder websites to trace people and their addresses, for example, for the reimbursement of client money or non-payment of bills.

How we use personal information

We use personal information for the following purposes:

  • The provision of legal services including advising and acting on behalf of clients.

  • To maintain our accounts and records.

  • The promotion of our goods and services.

  • To support and manage our employees.

Information that has to be provided by you and why

Before we can legitimately act on your behalf, you must provide your full name and proof of address to us. This can be a combination of your current passport, a photographic driving licence or a utility bill issued within the last three months. This personal information must be provided to enable us to comply with the requirements of the Anti-money Laundering & Counter Financing of Terrorism Act.

When we collect information from you, we will inform you whether you are required to provide this information to us.

Legal reasons we collect and use your personal information

The legal basis for the processing of your information is the performance of a contract between you and us and/or preparing, at your request, to enter into such a contract. It is also in our legitimate interests, namely:

  • the legal compliance, management & administration of our business

  • the recruitment, selection and employment of our staff

  • the analysis and improvement of our website and services.

We keep information passed to us confidential and will not disclose it to third parties except as authorised by you expressly or implicitly, stated within our terms of business or required by law.

Who will we share your personal information with?

If, on your instruction, we are working with other professional service providers we may need to disclose any relevant information about your matter to them. If we do need to do this we will request your permission before doing so. The information shared could include any of the data listed in the “Information collected by us” section on page one of this policy.

The types of third parties are:

  • Barristers

  • Medical experts

  • Healthcare professionals, social, welfare or dispute resolution organisations

  • Courts and tribunals

  • Ombudsman and regulatory authorities

  • Financial organisations

  • Credit reference agencies

  • Private investigators

We will share personal information with law enforcement agencies if required by law. We may also disclose your information to debt collection agencies if you do not pay our bills.

Transfer of your information outside the European Economic Area (EEA)

All electronic and manual data controlled by ACS Legal Ltd is stored securely within the UK. However, in some circumstances, it may be necessary to transfer your personal information outside the EEA or to an international organisation for the performance of your contract with us or for the exercise or defence of legal claims on your behalf. For example, dealing with or in respect of a property you own outside of the EEA. If this occurs we will always seek your permission to do so before proceeding as these countries do not have the same data protection laws as the United Kingdom and EEA.

However, we aim to provide a similar degree of protection of your personal data by employing at least one of the following safeguards:

  • Only transferring personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;

  • Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; and

  • In relation to providers based in the US, transferring data to them if they subscribe to the ‘Privacy Shield’, which requires them to provide similar protection to personal data shared between Europe and the US.

If we are unable to comply with these safeguarding measures and no other legal framework can be used, then we may also refer to one or more of the derogations listed in the Regulation. Examples of derogations include, an individual giving consent for their data to be transferred; if a transfer is necessary for the conclusion or performance of a contract; or for exercising defence in legal proceedings. If you would like any further information please contact the Solicitor responsible for your matter.

How long will we store your personal data?

We only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We will keep client files for seven years from the date that they are closed, except those papers that you ask to be returned to you. We keep files on the understanding that they can be destroyed after this retention period, unless there is an outstanding debt on the account. We will not destroy documents you ask us to deposit in safe custody or a will that we prepared for you. More detailed information is contained within our data retention policy, which is available on request.

Consent

We rely on your explicit consent to process information in relation to marketing and non-matter-related communications. You provide this consent when you opt-in on the “Supplemental Sheet incorporated in the Terms of Business of Antony Clapp Solicitors” document you sign and return instructing us to work on your behalf. You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent. You can opt-out by emailing enquiries@antonyclapp.co.uk or writing to us at our registered address, the details of which can be found on page one.

Your Rights

Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge.

In summary, these are:

  • For us to provide you with details of how we use your personal data and fair processing of your information;

  • For us to give you access to your personal information and other supplementary information;

  • For us to correct any mistakes or complete missing information we hold on you;

  • For us to erase your personal information in certain circumstances;

  • For us to give you a copy of the personal information you have provided to us (or have this information sent to a third party) in a structured, commonly used and machine-readable format;

  • For us to restrict our processing of your personal information in certain circumstances;

  • For you to object at any time in relation to the processing of your personal information for direct marketing;

  • For you to object, in other certain situations, to the continued processing of your personal information;

  • For you to request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;

If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR. If you want to exercise any of these rights, please email, call or write to us by using the contact details listed on page one. However, in order for us to be able to act on your request you will need to:

Let us have proof of your identity and address, either in original or certified copy format, for example:

  • current, valid full passport (certified copies must show nationality, place and date of birth, passport number, expiry date, photograph and signature)

  • current, valid full UK photo-card driving licence with signature or ‘old style’ driving licence

  • current, valid UK photo-card provisional licence

  • Northern Ireland Voter’s Card showing your current address

  • Armed Forces ID Card

  • State the right or rights that you wish to exercise.

We will respond to you within one month from when we receive your request. Please note if you wish to unsubscribe from any email you can do so by writing or emailing us, the details for which can be found on page one. It may take up to 14 working days for this to become effective.

How to make a complaint?

We hope that you are happy with our service and that we can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below). Alternatively, you can view our full complaints procedure here.

The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area). You will need to state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office, who can be contacted at https://ico.org.uk/concerns/.

Our Security

The information we collect and retain about you can be held by us in either hard-copy or electronic format.

Our electronic protection measures are as follows:

  • Computers are locked or turned off at the end of the day by all users.

  • All workstations have antivirus software that is monitored centrally and provides email and website real-time scanning and blocking.

  • Access to data is secured via usernames, complex passwords and if necessary, a lockout mechanism.

  • Installation of a network intrusion prevention system, spam email filtering and virus protection software.

  • A fully encrypted system backup to a UK cloud storage system owned, controlled and managed by our IT providers.

  • An encrypted connection to a cloud-based electronic practice management system which holds and backs up data in UK-based data centres.

  • ACS Legal Ltd is fully compliant and certified under the Cyber Essential Scheme.

Our security measures of your information stored in hard copy are as follows:

  • We have a clean desk policy and all personal information is securely stored at the end of each day in lockable cabinets.

  • There is a managed and robust system for the security of all office and cabinet keys.

  • The building has a maintained alarm and access to our offices is protected by coded door locks.

  • Archived files kept at our offices are stored in a designated secure room.

  • Archived files kept off-site are stored by organisations that are ISO27001 accredited.

Future Processing

We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, we will inform you by your preferred method of contact.

Changes to this privacy notice

This privacy was published on 28th June 2018 and last updated on 23rd August 2024. We constantly review our internal privacy practices and may change this policy from time to time. When we do we will inform you by your preferred method of contact.

Get in touch

If you have any questions about this privacy notice or the information we hold about you, please contact us using the details listed on page one of this policy.

Alternative formats

If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille) please contact us using the details listed on page one of this policy.