This policy came into effect on 14 November 2017 and was superseded on 12 December 2019
There are no previous or archive versions.
Related documents: General service and data protection agreement, list of third party processors
This policy explains what personal information we (Corrick, Wales & Partners LLP) collect, how it is used and shared. The policy applies to users of this website, our customers and clients. Our UK Information Commissioner’s Office registered number is: ZA297189
- Privacy by default
- We only collect the minimum personal data (if any) to provide our services
- We consider and design privacy into our all our processes and systems
- We do not store your data longer than necessary and we make sure it’s easy to request a copy or for it to be deleted.
- If we (Corrick, Wales & Partners) close, are taken over or merge with another company, we will inform registered users and customers in advance and give them the option of downloading and deleting their data.
- Transparency – unless there is a legal reason not to, we aim to be as transparent as possible in how your data is stored and managed.
Whilst visitors of all ages may navigate this site we do not intentionally collect information about people under 13 years old. You must be 13 years old or over to sign up or submit any personal information through our website (for example, to make a comment on a blog post). If you believe a person under 13 years old has provided us with their personal information, or have any concerns regarding this aspect of our policy, please get in touch.
What information do we collect?
Information collected automatically
When you use our website we automatically collect information about your visit. This helps us understand how to improve our site and services. This data collection does not identify you personally.
We capture information such as your IP Address, operating system, screen display settings, browser type. We may approximate your location from your device using a combination of your IP address or through the GPS, Bluetooth or WiFi connection information used by your device.
The data is stored, managed and only accessible by us.
Information you provide
We collect information you provide to us when you register details on our website, such as to make a blog post comment or opt-in to receive a newsletter, contact us. This includes:
- if we meet face to face, by phone or on social media
- if you provide information to us when we do business with each other, this can include invoice, billing and payment details
- if you apply for a job, if we contract or employ you.
Information provided by others
We collect information about you from other people and organisations when:
- They recommend you or include you in communications with us
- Via social media accounts of another user if your settings permit it. For example, if you are their friend on Facebook and haven’t limited that feature.
- Through publicly available information and online business networks, for example: LinkedIn
How do we use the information we collect?
We use personal information we collect to provide our services, to improve and optimise what we do, and to protect you and Corrick, Wales & Partners LLP. We may use this information to:
- contact you
- provide you with information that you request from us
- inform you of any changes to our website, services and products
- amend or improve our services
- do business with you, including invoice or make payments
- maintain legally required records, such as for tax and employment
- prevent fraud
We use automatically collected device information to:
- protect the website from spam and to keep the website secure
- ensure that the user experience is delivered in a form suited to the software your device is using
- assist in providing support to you should you have difficulty accessing or participating on the site
- anonymise statistics – for use in research purposes, for example to determine the percentage of our users in a specific country who use a certain type of browser.
Can I get a copy of the information you’ve collected about me?
Of course! Email firstname.lastname@example.org
Can I amend or delete information you’ve collected about me?
Of course! If you registered to make a comment on the website, you can amend your details, edit or delete your comments on the website. If you have opted in to receive an email newsletter we provide a link to unsubscribe in every email. For all other amendments and requests for deletion, email email@example.com.
When data is deleted it can take up to a maximum 180 days for it to be completely wiped from some third party services we use (see clause 6.1 of G Suite’s policy relating to this here). However, it will no longer be available or recoverable by us or any of the systems we use.
Please note that there are some records we are required to keep for other regulatory reasons, such as for finance, tax and employment purposes.
How long do you keep data for?
We do not store your data longer than necessary. We regularly review our records to remove or anonymise data if it should no longer be retained. The criteria we use for this are:
- do we still carry out the activities for the purposes the data was provided?
- is this information still up to date?
- are we required to keep this data for other regulatory purposes?
- are there contractual requirements?
Some records we are required to retain by law for certain lengths of time. These include for tax and employment purposes.
How is my information stored, transferred and kept secure?
To manage our business we use a number of third party services who process your data on our behalf. This is for tasks such as to operate our email, host this website, manage documents. We keep an up to date list here.
These services cannot share your data with anyone. The website hosting we use is in Kent, in the UK. Where a company is not based in the UK or European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per European law.
Wherever we can, we protect data in our systems with strong encryption, both when the data is at rest and when it is being transferred. We only allow access to our systems via strong authentication protocols, such as TLS and ssh, and administrative access is limited to key individuals.
We follow security bulletins closely, such as those from US-CERT, and we act on relevant security advisories to minimize the risk to our systems and the data they contain.
If we are informed of a data breach we will contact the UK Information Commissioner’s Office and those affected within 72 hours of discovery.
How might my personal information be shared?
Unless required by law (see Legal requests below), we don’t and won’t share your personal data with anyone without your consent. We use third parties to process your information on our behalf (see above) but these services cannot share your data with anyone.
We may retain and disclose your personal information if legally required to do so. For example, if required by law or by a Court order or if we believe that action is necessary to prevent fraud or cyber-crime or to protect Corrick, Wales & Partners LLP or the rights, property or personal safety of any person.
All such requests are assessed and we will challenge the basis of the request if it is not made by an officer with proper authority, the request lacks a proper statutory basis or appears too broad or vague as to its scope or purpose.
Changes to this policy
When we make changes to this policy we will inform registered users and our customers before changes take effect. The date at the top of this page will also be updated to reflect from when the changes are effective and we will archive the outgoing policy.
How to contact us
Registered address: 212a Bocking Lane, Greenhill, Sheffield, S8 7BP
Companies House Partnership No.: OC419984
UK ICO registration number: ZA297189