Legal & Compliance

What is ‘Personal Data’?

Personal Data is data from which an individual can be identified, such as:

• an email address containing a name
• a telephone number
• driver’s licence number
• a home address.

What do we use your Personal Data for?

We use your Personal Data primarily for the provision of legal services to you, but also for related purposes such as:

• updating and enhancing client records;
• analysis to help us manage our practice;
• statutory returns; and
• for legal and regulatory compliance.

You have a right of access under the GDPR to the Personal Data that we hold about you.

Our work for you may require communication of your Personal Data to third parties, such as expert witnesses, barristers and other professional advisers.

We are required to undergo audit and other types of quality checks for legal and regulatory compliance purposes. External organisations who conduct these inspections are required to maintain confidentiality in relation to your Personal Data.

How long will we keep your Personal Data for?

When we have completed a matter, if you do not want us to return certain papers to you, we will keep them for at least thirteen years. After this, we may destroy them. If we keep important original documents such as title deeds, trust deeds and wills, we will store them in our fireproof safes. We currently do not charge for this service. We will not destroy original documents of this nature unless you ask us to do so. We reserve the right to withdraw this service at any time and return the original documents to you for safekeeping.

Transferring personal information outside the European Economic Area

We may need to transfer your personal information to countries outside the European Economic Area (EEA). We will only do so if the transfer is necessary for the performance of our contract with you, where the reason for the transfer serves our legitimate interests, or there is another lawful condition for the transfer.

To the extent that we transfer your personal information outside of the EEA, we will use all reasonable endeavours to ensure that a similar degree of protection is afforded to such information as is offered within the EU. We will do so by ensuring one or more of the following safeguards is in place:

• The country to which the information is being transferred has been deemed to provide an adequate level of protection for personal information by the European Commission;
• We use a specific form of contract approved by the European Commission that gives personal information the same protection it has within Europe; and/or
• If the personal information is being transferred to the United States of America, ensuring that the provider is affiliated with the Privacy Shield, which requires it to provide a similar level of protection to personal information to that which the information benefits from within Europe.

You can obtain further information about these measures from our Data Compliance Officer.

What kind of protection and limitation does the GDPR provide?

The GDPR requires that the Personal Data we hold about you must be:

• adequate, relevant and limited to what is necessary;
• accurate and, where necessary, kept up to date;
• protected from unauthorised or unlawful processing and accidental loss or destruction; and
• stored for no longer than necessary.

If you believe that a member of the firm is not complying with these requirements in relation to your Personal Data, please get in touch with our Data Compliance Officer using the details below.

Lucy Gibson
Data Compliance Officer
Sinclair Gibson LLP
3 Lincoln’s Inn Fields
London, WC2A 3AA

Email: dco@sinclairgibson.com

Tel.: 020 7242 9700