Data Protection

 

Zimmers Solicitors ‐ Transparency Notice

      

1. About this notice ►

 

2. What information do we hold? ►

 

Individual Clients ►

 

Individual prospects and other non‐client contacts ►

 

Individual service providers ►

 

Corporate Clients, suppliers and third party contacts and prospects ►

 

Parties on the other side in client matters ►

 

3. How do we collect personal information? ►

 

4. Our lawful basis for processing? ►

 

5. How we use particularly sensitive personal information ►

 

6. Criminal Convictions ►

 

7. Anti‐Money Laundering and Know Your Client ►

 

8. Who do we share your personal information with? ►

 

9. International data transfers ►

 

10. How do we keep your personal information safe? ►

 

11. How long do we keep your personal information? ►

 

12. Your rights ►

 


 

Zimmers transparency notice for Clients, third parties, individual contractors and suppliers,
and other non‐client contacts.

 

1 About us

 

1.1 This transparency notice describes how Gunter Zimmer t/a Zimmers Solicitors
('Zimmers' 'us' or 'we') collect and use your personal information during and after your
relationship with us.

 

1.2 We are a "data controller". This means that we are responsible for deciding how we
hold and use personal information about you, and explaining it clearly to you.

 

1.3 This notice applies to prospective, existing and former Clients of Zimmers (including
employees and representatives of our corporate Clients); individual and business contacts
and prospects; referrers; individuals who request information from us; any person who
provides services to us, either as an individual or as the employee or representative of a
corporate service provider; third parties acting for our Clients; parties on the other side of
our Client matters and lawyers acting for such parties.

 

1.4 It is important that you read this notice, together with any other privacy information or
notices we may provide on specific occasions when we are collecting or processing personal
information about you, so that you are aware of how and why we are using such
information.

 

1.5 We reserve the right to update this transparency notice at any time. We will provide
appropriate notice of such changes and recommend that you regularly check our
website for updates to this transparency notice. We may also notify you in other ways
from time to time about the processing of your personal information.

 

1.6 Gunter Zimmer is responsible for overseeing our compliance with data protection law. If you
have any questions about this transparency notice or how we handle your personal
information, please contact him by writing an email to info@zimmerslaw.com.

 

1.7 It is important that the personal information we hold about you is accurate and current.
Please keep us informed if your personal information changes during the course of our
engagement with you.

 


 

2 What information do we hold?

 

2.1 Personal data, or personal information, means any information about an individual from
which that person can be identified.

 

2.2 There are special categories of more sensitive personal data which require a higher level
of protection (see further at section 5, below).

 

2.3 We collect different information depending on your relationship with us (click on the
appropriate link, below, to see more about the categories of personal information from
you and purposes for which we use it).

 

2.3.1 Individual Clients ►
         

2.3.2 Individual prospects and other non‐client contacts ►
         

2.3.3 Individual service providers ►
         

2.3.4 Corporate Clients , suppliers and third party contacts and prospects ►
         

2.3.5 Parties on the other side in Client matters ►

 

2.4 In each case we have identified our lawful basis for processing. These are described in more
detail at section 4 Our lawful basis for using personal information ►

 

Individual Clients

 

We process:

 

2.4.1 Your name, address and contact details. Such processing is necessary for

performance of the contract between us.

 

2.4.2 Anti‐Money Laundering and Know Your Client information (see section 7 below).
We do this to comply with our legal obligations and as necessary for the
legitimate interest of understanding who we are contracting with.

 

2.4.3 Information relating to your legal matter and our instructions. If you are a private
Client, this may include information about your family or other third party
beneficiaries. Such processing is necessary for us to perform our contract with
you for the provision of legal advice.

 

2.4.4 Your bank details. Such processing is necessary for performance of a contract
where we are required to pay funds to you (for example on completion of a sale
of property).

 

2.4.5 Personal information contained in documents reviewed by us as part of any due
diligence and provided to us in disclosure. Such processing is necessary for the
purpose of providing legal advice and to perform our contract with you.

 

2.4.6 Your marketing preferences and details of any services you have subscribed to
and/or events you have attended. Such processing is necessary for the legitimate
interest of promoting and growing our business.

 

2.4.7 Background information about you and your relationship with the firm, to inform
and improve the service we provide to you. This may include lifestyle information
and information about your family. Such processing is necessary for the
legitimate interest of informing and improving the service we provide to you.

 

2.4.8 Feedback you provide to us on our services. Such processing is necessary for the
legitimate interest of managing our business and improving our services.

 

2.4.9 To the extent permitted by law, we may monitor electronic communications for
the purposes of ensuring compliance with our legal and regulatory obligations
and internal policies. This processing is necessary for the legitimate interest of
managing our business and compliance obligations.

 

2.5 We may, from time to time, approach you for your consent to allow us to process your
personal information for other purposes. If we do so, we will provide you with details of the
information that we would like and the reason we need it, so that you can carefully consider
whether you wish to consent.


Individual prospects and other non‐client contacts

 

2.6 We process:

 

2.6.1 your name, address and contact details;

 

2.6.2 your marketing preferences and details of any services you have subscribed to
and /or events you have attended;

 

2.6.3 feedback you provide on events or marketing campaigns; and

 

2.6.4 background information about you and your relationship with the firm, to inform
and improve the service we provide to you.

 

2.6.5 When you are considering instructing us, anti‐money Laundering and Know Your
Client information. We do this to comply with our legal obligations and as
necessary for the legitimate interest of understanding who we are contracting
with.

 

2.6.6 When you are considering instructing us, information relating to your legal
matter and our instructions. If you are a private Client, this may include
information about your family or other third party beneficiaries. Such processing
is necessary for us to perform our contract with you for the provision of legal
advice;

 

2.6.7 Personal information contained in documents reviewed by us as part of any
review and estimate. Such processing is necessary for the purpose of providing
legal advice and to perform our contract with you.

 

Such processing is necessary for the legitimate interest of promoting and growing our
business and improving our services.


2.7 We use information from our CRM system to monitor your engagement with our digital
content in accordance with our Cookies Policy ► for the legitimate interest of informing
and improving the service we provide to you, and future product and service development.

 

2.8 We process any feedback you provide to us in relation to our services including your decision
whether or not to instruct us. Such processing is necessary for the legitimate interest of
managing our business and improving our services.

 

2.9 To the extent permitted by law, we may monitor electronic communications for the
purposes of ensuring compliance with our legal and regulatory obligations and internal
policies. This processing is necessary for the legitimate interest of managing our business
and compliance obligations.

 

2.10 We may, from time to time, approach you for your consent to allow us to process your
personal information for other purposes. If we do so, we will provide you with details of the
information that we would like and the reason we need it, so that you can carefully consider
whether you wish to consent.

 

Individual service providers (for example, experts or counsel)


2.11 We process:

 

2.11.1 Your name, title and business contact information including addresses, telephone
numbers and email addresses, your CV information and qualifications where
necessary.

 

2.11.2 Details relating to the performance of the contract between us, including
financial information and bank details for payment.

 

Such processing is necessary for performance of the contract between us.


2.12 We may perform due diligence in the form of reference and credit checks and verification of
your identity including checking photographic identification and proof of address and your
qualifications. We do this to comply with our legal obligations, and as necessary for our
legitimate interests of understanding the party or parties with whom we are contracting.

 

2.13 To the extent permitted by law, we may monitor electronic communications for the
purposes of ensuring compliance with our legal and regulatory obligations and internal
policies. This processing is necessary for the legitimate interest of managing our business
and compliance obligations.

 

2.14 We may, from time to time, approach you for your consent to allow us to process your
personal information for other purposes. If we do so, we will provide you with details of the
information that we would like and the reason we need it, so that you can carefully consider
whether you wish to consent.

 

Corporate Clients, suppliers and third party business contacts and prospects


2.15 We process names, titles and business contact information including addresses, telephone
numbers and email addresses for your employees and representatives. Such processing is
necessary for performance of the contract between us. Where you are an employee of a
corporate Client or contractor, we process this information for the legitimate interest of
performing our contract with your employer.

 

2.16 If you are a new or prospective Client, we process personal information as part of our Anti‐
Money Laundering and Know Your Client procedures (see section 7 below). We do this to
comply with our legal obligations, and as necessary for our legitimate interests (provided
that the interests and fundamental rights of the individual do not override our interests).

 

2.17 We may perform due diligence in the form of credit checks on companies, including checking
photographic identification and proof of address of directors and, in some cases, your
shareholders, and verification of the company registration details. We do this to comply with
our legal obligations, and as necessary for our legitimate interests (provided that the
interests and fundamental rights of the individual do not override our interests).

 

2.18 We process information relating to your legal matter and our instructions.

 

2.18.1 If you are an employer, this may include information about your staff.

 

2.18.2 For our education institutions, this may include information about pupils,
students and parents.

 

Processing of this information is necessary for the purpose of providing legal advice to you.

 

2.19 We process personal information contained in documents reviewed by us as part of any due
diligence and provided to us in disclosure. Such processing is necessary for the purpose of
providing legal advice.

 

2.20 We process your marketing preferences and details of any services you have subscribed to,
and any events your employees and representatives have attended. Such processing is
necessary for the legitimate interest of promoting and growing our business (provided that
the interests and fundamental rights of any individual employees and representatives do not
override our interests).

 

2.21 We process any feedback you (your employees or representatives) provide to us on our
services. Such processing is necessary for the legitimate interest of managing our business
and improving our services (provided that the interests and fundamental rights of any
individual employees and representatives do not override our interests).

 

2.22 We process background information about you, and your employees and representatives,
and your relationship with the firm. Such information may include how you found us and
what your interests are. Such processing is necessary for the legitimate interest of informing
and improving the service we provide to you (provided that the interests and fundamental
rights of any individual employees and representatives do not override our interests).

 

2.23 To the extent permitted by law, we may monitor electronic communications for the
purposes of ensuring compliance with our legal and regulatory obligations and internal
policies.

 

Parties on the other side in Client matters


2.24 For lawyers acting on the other side of a particular matter, we will collect your contact
details and such information about your Clients as necessary for us to advise our Clients.

 

2.25 We may process your Client's details for the purpose of carrying out conflict checks. Such
processing is necessary for our legal obligations and the legitimate interest of meeting our
compliance requirements.

 

2.26 We process personal information contained in documents reviewed by us as part of our due
diligence and/or as provided to us in disclosure. Such processing is necessary for:

 

2.26.1 the purpose of establishing, exercising or defending legal claims; and

 

2.26.2 the legitimate interests of our Client in receiving legal advice from us (provided
that your Client's interests and fundamental rights do not override our Client's
interests).

 

2.27 We may process your, or your Client's, bank details. Such processing is necessary where we
are required to pay funds to your Client (for example on completion of a sale of property).

 

2.28 To the extent permitted by law, we may monitor electronic communications for the
purposes of ensuring compliance with our legal and regulatory obligations and internal
policies.

 


 

3 How do we collect information about you?

 

3.1 We collect personal information direct from you when you enquire about our services,
when we establish you as a Client of the firm, if you register with us for an event or to
receive updates and information from us, or where we enter into a contract to receive
services from you.

 

3.2 We collect further information from you during the period of our retainer or for the
duration of your providing services to us.

 

3.3 We collect information about Clients from parties acting on the other side in a
transaction, or from lawyers or other professional advisors acting on their behalf.

 

3.4 We collect information from other third parties, such as other professionals advising our
Clients on a matter, from referrers, partner organisations (if we have run a joint event),
and from credit reference agencies or other background check agencies.

 

3.5 We may collect information about you from public sources, such as Companies House or
the Land Registry, from an online search or from social media sites.

 


 

4 Our lawful basis for using personal information

 

4.1 We will only use your personal information when the law allows us to. Most commonly,
we will use your personal information in the following circumstances:

 

4.1.1 Where we need to perform the contract we have entered into with you.

 

4.1.2 Where it is necessary for our legitimate interests (or those of a third party) and
your interests and fundamental rights do not override those interests. Where we
rely on legitimate interests for our processing, we will advise you of the relevant
interest.

 

4.1.3 Where we need to comply with a legal obligation.

 

4.1.4 Otherwise, with your consent.

 

4.2 We may also use your personal information in the following situations, which are likely
to be rare:

 

4.2.1 Where we need to protect your vital interests (or someone else's interests).

 

4.2.2 Where it is needed in the public interest.

 

4.3 Some of the above grounds for processing will overlap and there may be several
grounds which justify our use of your personal information.

 

4.4 We will only use your personal information for the purposes for which we collected it,
unless we reasonably consider that we need to use it for another reason and that
reason is compatible with the original purpose. If we need to use your personal
information for an unrelated purpose, we will notify you and we will explain the legal
basis which allows us to do so.

 

4.5 Please note that we may process your personal information without your knowledge or
consent, in compliance with the above rules, where this is required or permitted by law.

 


 

5 How we use particularly sensitive personal information

 

5.1 Special categories of particularly sensitive personal information require higher levels of
protection. We need to have further justification for collecting, storing and using the
following types of personal information.

 

5.2 Depending on the nature of our instructions, we may collect, store and use any of the
following special categories of information about Clients and prospective Clients and/or
about parties on the other side of the matter:

 

5.2.1 physical or mental health, including any medical condition or disability;

 

5.2.2 nationality, race or ethnicity;

 

5.2.3 political opinions;

 

5.2.4 religious or philosophical beliefs;

 

5.2.5 trade union membership;

 

5.2.6 sexual orientation or sex life;

 

5.2.7 genetic information and biometric data; or

 

5.2.8 information relating to criminal convictions and offences.

 

5.3 We process this type of information where it is necessary to establish, exercise or defend a
legal claim.

 

5.4 We may process particularly sensitive personal information if we are under a legal obligation
to do so, or if it becomes necessary to protect your vital interests or those of another
person, or for reasons of substantial public interest.

 

5.5 We do not process particularly sensitive personal information for non‐clients as part of our
usual course of business. However, we may process information:

 

5.5.1 relating to a health condition or disability in order to make reasonable
adjustments in the provision of our services;

 

5.5.2 where it is needed to protect your interests (or someone else's interests) and you
are not capable of giving your consent, or where you have already made the
information public; and

 

5.5.3 about your race or national or ethnic origin, religious, philosophical or moral
beliefs, or your sexual life or sexual orientation, to ensure meaningful equal
opportunity monitoring and reporting. We make every effort to anonymise such
information.

 

5.6 We may approach you for your written consent to allow us to process certain particularly
sensitive information. If we do so, we will provide you with full details of the information
that we would like and the reason we need it, so that you can carefully consider whether
you wish to consent.

 


 

6 Information about criminal convictions

 

6.1 We may only use information relating to criminal convictions where the law allows us to do
so. Except where this is necessary in the course of the legal advice we are providing to you,
we do not envisage that we will hold information about criminal convictions.

 

6.2 We may use information relating to criminal convictions where it is necessary in relation to
legal claims, where it is necessary to protect your interests (or someone else's interests) and
you are not capable of giving your consent, or where you have already made the information
public.

 


 

7 Anti‐Money Laundering and Know Your Client information

 

7.1 We are required by law to verify the identity of all new Clients and, in certain circumstances,
existing Clients. In addition, our internal requirements may require us to conduct
background checks on new or existing Clients. These may necessitate verification of the
identity and good standing of Clients. For corporate Clients this will include verifying one or
more of their directors or other officers, and verifying the identity of shareholders, beneficial
owners, management and/or other relevant background information.

 

7.2 We may require evidence of source of funds, at the outset of and possibly from time to time
throughout our relationship with Clients, which we may request and/or obtain from third
party sources. The sources for such verification may comprise documentation which we
request from the prospective or current Client, or through the use of online sources, or both.
We may also be required to make detailed enquiries of any unusual transactions such as the
transfer of large amounts of cash.

 

7.3 In some circumstances we may decline to, or may not be permitted to, act until such
procedures have been completed. We reserve the right to decline to act or, if appropriate,
cease to act, should these procedures not be completed to our satisfaction.

 

7.4 Where we instruct counsel or other professionals on behalf of Clients, they may request us
to provide them with copies of evidence of identity of Clients or their representatives which
we have obtained from you or from other sources. We will be entitled to send such copies to
them if we so decide.

 


 

8 Data sharing

 

8.1 We will share your personal data with third‐party service providers who provide services to
us and to other third parties who use your information, as data controller, for their own
purposes.

 

8.2 If you are a Client, we share your personal information with other data controllers (including
other solicitors involved in a case) required by law, for example if we are required to share
information in accordance with our Anti‐Money Laundering procedures, or to meet our
regulatory requirements or as required by our insurers.

 

8.3 We share personal information with:

 

8.3.1 our regulator, the Solicitor's Regulation Authority (SRA), HMRC or other
government or law enforcement agencies;

 

8.3.2 our insurance providers and our professional indemnity insurance broker; and

 

8.3.3 Lexcel (the Law Society's legal practice accreditation service) and other auditors,
for the purpose of auditing our compliance with our legal obligations (including
Anti‐Money Laundering requirements) and the SRA rules.

 

8.4 We may share your information if we refer you to a third party adviser for specialist advice
or if we are prevented from acting for you due to a conflict.

 

8.5 Where we share information with other data controllers, they are responsible to you for
their use of your information and compliance with the law.

 

8.6 The following activities are carried out by third‐party service providers on our behalf:
archiving and records management; confidential waste disposal; IT support and maintenance; hosting our website (including analytics); marketing campaigns; carrying out surveys and obtaining feedback on our services.

 

8.7 All our third‐party service providers are required to take appropriate security measures to
protect your personal information in line with our policies. We do not allow our third‐party
service providers to use your personal information for their own purposes. We only permit
them to process your personal information for specified purposes and in accordance with
our instructions.

 

8.8 If you are a delegate at an event, we share names and contact details with third party event
organisers and on the delegate list which is shared with other attendees, unless you ask us
not to.

 

8.9 We may share your personal information with other third parties in the context of the
negotiations for a sale or restructuring of the business.

 


 

9 Transferring information outside the European Economic Area (EEA)

 

9.1 All our personal information is hosted on servers located within the EEA.

 

9.2 If we are required to transfer information outside the EEA, we have put in place appropriate
measures to ensure that your personal information is treated by those third parties in a way
that is consistent with and which respects the EU and UK laws on data protection.

 

9.3 If you are based outside the EEA we may transfer personal information to the
correspondence address you provide to us. We will take all reasonable steps to ensure that
such transfers are secure. By instructing us from outside the EEA you acknowledge and
agree that such transfers are necessary for us to provide services to you.

 


 

10 Data security

 

10.1 We have put in place robust technical measures to protect the security of your information.
Details of these measures are available upon request.

 

10.2 Third parties will only process your personal information on our instructions and where they
have agreed to treat the information confidentially and to keep it secure.

 

10.3 We have put in place appropriate security measures to prevent your personal information
from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

 

10.4 In addition, we limit access to your personal information to those employees, agents,
contractors and other third parties who have a business need to know. They will only
process your personal information on our instructions and where they are subject to a duty
of confidentiality.

 

10.5 We have put in place procedures to deal with any suspected data security breach and will
notify you and any applicable regulator of a suspected breach where we are legally required
to do so.

 


 

11 For how long will we will keep your information?

 

11.1 We will only retain your personal information for as long as is necessary to fulfil the
purposes for which we collected it, including for the purposes of satisfying any legal,
accounting, or reporting requirements.

 

11.2 To determine the appropriate retention period for personal information, we consider the
amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements

 

11.3 Where a minimum retention period is required by law (such as retaining records for HMRC
purposes or for compliance with the SRA requirements, or anti‐money laundering law), we
comply with that minimum period plus up to 12 months to allow time for us to anonymise or
delete information in accordance with our internal data management processes.

 

11.4 Unless particular circumstances warrant retention for longer periods, we retain Client
documents in line with the National Archives recommended best practice and (where
applicable) Law Society's recommended retention periods for Client files. We apply the same
rules to electronic files as to paper files. Access to archived files is restricted. Please contact
Gunter Zimmer if you would like to discuss specific retention periods applicable to your
matters.

 

11.5 Our backup and disaster recovery service provider retains a copy of all emails and
attachments for 10 years. Access to this information is restricted.

 

11.6 If we are required to retain your information longer than our standard retention periods, we
will let you know (unless we are prevented by law from doing so).

 

11.7 In some circumstances we may anonymise your personal information so that it can no
longer be associated with you, in which case we may use such information without further
notice to you.

 


 

12 Your rights in connection with personal information

 

12.1 Under certain circumstances, by law you have the right to:

 

12.1.1 Request access to your personal information (commonly known as a "subject
access request"). This enables you to receive a copy of the personal information
we hold about you and to check that we are lawfully processing it.

 

12.1.2 Request correction of the personal information that we hold about you. This
enables you to have any incomplete or inaccurate information we hold about you
corrected.

 

12.1.3 Request erasure of your personal information. This enables you to ask us to
delete or remove personal information where there is no good reason for us
continuing to process it. You also have the right to ask us to delete or remove
your personal information where you have exercised your right to object to
processing (see below).

 

12.1.4 Object to processing of your personal information where we are relying on a
legitimate interest (or those of a third party) and there is something about your
particular situation which makes you want to object to processing on this ground.
You also have the right to object where we are processing your personal
information for direct marketing purposes.

 

12.1.5 Request the restriction of processing of your personal information. This enables
you to ask us to suspend the processing of personal information about you, for
example if you want us to establish its accuracy or the reason for processing it.

 

12.1.6 Request the transfer of your personal information to another party.

 

12.1.7 Withdraw consent in the limited circumstances where you may have provided
your consent to the collection, processing and transfer of your personal
information for a specific purpose, you have the right to withdraw your consent
for that specific processing at any time. Once we have received notification that
you have withdrawn your consent, we will no longer process your information for
the purpose or purposes you originally agreed to, unless we are required to
continue to process your information in accordance with another lawful basis
which has been notified to you.

 

12.2 To exercise any of the above rights, please contact Gunter Zimmer.

 

12.3 You will not have to pay a fee to access your personal information (or to exercise any of the
other rights). However, we may charge a reasonable fee if your request for access is clearly
unfounded or excessive. Alternatively, we may refuse to comply with the request in such
circumstances.

 

12.4 We may need to request specific information from you to help us confirm your identity and
ensure your right to access the information (or to exercise any of your other rights). This is
another appropriate security measure to ensure that personal information is not disclosed
to any person who has no right to receive it.

 

 

Last Updated: May 2018

 


Download
ZIMMERs Transparency Notice May 2018.pdf
Adobe Acrobat Dokument 180.6 KB