Terms of use

The information, materials and opinions on this website are for general information purposes only. They are not intended to constitute legal or other professional advice and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances.

Certain parts of this website link to other external internet sites and other external internet sites may link to this website. Capsticks does not accept responsibility for the content of any of these external internet sites. Further, Capsticks are not responsible for the direct or indirect consequences of you linking to these external websites.

Although we try to make sure that the content of this website is accurate and up to date, Capsticks makes no express or implied conditions, warranties, terms or representations about the content of this website and accepts no liability whatsoever for the use which you make of the information, except as may be required by law.

Capsticks Solicitors LLP is a limited liability partnership registered in England and Wales under registered number OC340360, authorised and regulated by the Solicitors Regulation Authority.

A list of members is open to inspection at our registered office, 1 St George's Road, London SW19 4DR.

The term partner is used to refer to a member of Capsticks Solicitors LLP or an employee or consultant with equivalent standing and qualifications.

Capsticks is not authorised under the Financial Services and Markets Act 2000 but we are able to offer a limited range of investment services to clients as we are regulated by the Solicitors Regulation Authority. We can provide these investment services if they are an incidental part of the professional services we have been engaged to provide.

Capsticks privacy notice

Capsticks Solicitors LLP is committed to respecting and protecting your privacy by complying with the UK GDPR and other data protection legislation.

This notice tells you how we use and share your personal information and explains your rights regarding how we use your personal information. More specific information about our key uses of personal data, as an employer, is included below.

Who we are

Capsticks Solicitors LLP is a law firm practising from 5 offices Birmingham, Manchester, Leeds, London and Winchester. Capsticks Solicitors LLP is registered with the Information Commissioner’s Office (registration number Z5760582).  We are a data controller in relation to the processing activities set out in this policy.  This means we decide how and why your personal data is processed and we control the collection and processing of any personal data that you provide to us in relation to this website.

Our main office address for any issues that may arise in relation to this policy is:

1 St George’s Road



SW19 4DR

Our Chief Information Security Officer is responsible for our data protection function and you can contact our data protection team by emailing us at: [email protected]

Collecting Personal Data

"Personal data" is any information that relates to you and that identifies you either directly from that information or indirectly, by reference to other information that we have access to.

The personal data we collect, and how we collect it, depends upon our relationship with you and how you interact with us.

The people we normally collect information about include:

  • Clients and potential clients
  • Customers, service users and employees of our clients and those they work with, who are involved in legal matters. This includes witnesses and other parties to litigation
  • Staff and potential staff of Capsticks (please see our separate privacy notice for recruitment)
  • Others involved in the work we undertake for clients, including barristers, experts and other professional advisors.

The categories of personal data that we collect include:

  • Contact information such as name, email address, address and telephone number
  • Information such as job title, employer, date of birth and qualifications and any information relevant to the purpose(s) for which our services have been engaged
  • Billing and financial information such as billing address, bank account and payment information
  • Marketing, your communication preferences and related information you provide when you attend an event such as feedback.  If you wish to unsubscribe from marketing communications, please use the ‘unsubscribe’ link on our website
  • Suppliers’ details of services that we have purchased from you
  • Special categories of data such as race and ethnicity, trade union membership, information about health or information, political opinions or religious beliefs
  • Information regarding regulatory and  criminal matters
  • Imaging, including CCTV recordings in our offices.

Personal data we collect from you

We collect the following personal data from you:

  • When a client uses our legal services, we will ask for the information that we need to provide those services; this information includes contact details, billing information, information necessary to enable us to undertake client due diligence to verify identity prior to accepting instructions. Information provided by a client may include personal data that relates to persons whose information is relevant to the instruction; for example when we advise on a business transaction or a regulatory investigation or represent a client in a legal dispute.
  • When you apply for a job at Capsticks, we will ask you for information relevant to your application. Applications for vacancies need to be made via our recruitment system - a specific privacy notice will be provided via that system.
  • If you visit one of our offices we may collect information that we need to identify you. We may also collect your image on CCTV.
  • When you register to attend a Capsticks’ event, we will ask you to provide your contact, and other relevant information which may include information about disabilities or allergies.
  • When you use our website, we collect information about your visit and how you interact with our website.

Why we collect and use personal data

We use primarily use personal data to provide professional services, including legal services, to our clients, to manage and promote our business, and to comply with our professional and legal obligations. Our legal basis for processing personal data will depend on the circumstances (and sometimes more than one legal basis will be applicable to a piece of personal data), but generally will be:

  • Contract – particularly in the case of employees (or prospective employees) we will process personal data in order to ensure that contractual rights and obligations are met, such as people getting paid. Where we are instructed by an individual, this legal basis may also be relevant.
  • Legal obligation - for instance, we are required to undertake anti-money laundering checks, comply with tax law obligations, and ensure we are meeting our regulatory requirements as a business. We may also need to disclose personal data in the course of litigation we are managing on behalf of our client, under relevant Court, Tribunal or regulatory rules.
  • Legitimate interests - most of our activities as a business will fall within this legal basis.  This includes:
    • Providing services to our clients
    • Ensuring we are paid for the work we undertake
    • Making sure that our clients’ interests are protected and promoted
    • Ensuring physical and electronic security
    • Promoting and growing our business
    • Attracting, recruiting and retaining the best people.

We will normally only process special category data where the processing is necessary for the purposes of providing our client with advice; or where it is necessary to do so in order to establish, exercise or defend legal claims. From time to time we may need to use or share information in support of our own regulatory obligations, or to prevent or detect unlawful acts.

In the case of recruitment and HR, we may make use of equality and diversity information to monitor equality of opportunity and inclusion, both in support of legal obligations (for instance gender pay gap reporting) and because we think it is the right thing to do.

In some cases we may use consent as a legal basis for processing, particularly around some of our marketing activities.

Information we collect from third parties

The personal data Capsticks’ collects about you will generally be information that you provide to us. However, we may also receive information from other sources such as:

  • our clients
  • third parties involved in matters in which we are instructed (for instance, witnesses in legal proceedings)
  • regulatory bodies
  • law enforcement
  • other companies providing services to us.

We may also collect information from publicly available sources such as Companies House, the Land Registry, social media profiles and professional registers.

If you use our website and do not disable Google Analytics, we will receive information about you from Google Analytics, a web analytics service provided by Google, Inc. ("Google") whose servers are in the United States of America. Google Analytics uses cookies to help us analyse how users use our site.

Providing Capsticks with personal data about others

The nature of the services we provide mean that we may not have direct contact with every individual whose personal data we are processing. In some cases (for instance because of legal privilege) it may not be appropriate for us to tell them that their information is being processed by us.

If you provide information to us about another person, you must ensure that you comply with any legal obligations that may apply to you in providing the information to us. 

We may need to share any information provided to us about third parties with other organisations and our service providers, for the reasons set out above.

Automatically collected data, automated decision making and profiling

We do not normally undertake ‘automated decision making’ which means making decisions without any human involvement at all. However, we may use business automation tools to help us deliver services. For instance, we may use electronic systems to help sort through candidates where we have a large number of applicants for a role; or use cookies or similar tools to present relevant information on our website (see below).

Our mail server scans the address fields and the email signature of emails both sent and received to ensure that our contact CRM database is kept up to date and uses names, job role and employer to build a network of relationships showing connections across organisations.

When you visit our website, we automatically collect, store and use technical information about your equipment and interaction with our website. This information is sent from your computer to us using a variety of cookies.

Our Cookies Policy provides information about how to disable cookies.

Ebulletins, invites and newsletters

We send insights and newsletters to people that we work with and believe will want to hear from us, and also to people that have specifically signed up to receive these. To subscribe for our insights and news updates please register by completing our form in the top right corner of the site. To unsubscribe, either update your details via the subscription form/links in our communications, or email us at [email protected].

For marketing purposes, we may monitor whether you open and/or click on URLs in our newsletters.


To register to attend any of our events you must complete a registration form. During registration if you wish to attend the event you will need to provide us with your contact information (such as name, address, phone number and email address). This information enables us to communicate with you regarding the logistics of the event and if you have agreed we will add you to our database to ensure you receive future communications about events that may be relevant to you.

Occasionally, you may be taken to other organisations’ websites to register for an event or to administer payment for attending an event. We cannot be responsible for third party websites so we recommend that you ensure you read the relevant privacy policy when visiting third party websites.

At any time, you will be able to change your mind about being contacted by us about and event, or let us know if your details are inaccurate or out of date by emailing: [email protected]

Sharing and transferring your data

We keep your personal data secure and do not share it with third parties except:

  • We may disclose personal data relating to our clients, their employees and agents to barristers, mediators, arbitrators, consultants or experts engaged in a matter, and vice versa.
  • If you are a witness or another party to legal proceedings, we may share information with the relevant Court or Tribunal, or need to disclose information to other parties to the proceedings. Because of duties of disclosure our clients may be subject to, it may not be possible or appropriate to remove or redact sensitive information from what is disclosed (for instance information in medical or occupational health records). If you have concerns about this please let us know by speaking to the lawyer working on the case in the first instance.
  • We may share personal data with our suppliers and service providers.
  • We may share personal information when necessary with law enforcement and regulatory authorities.

Most of our internal data processing is undertaken in the UK. Our staff may also provide services from outside the UK from time to time. We may make use of technical solutions and business support which is provided by global companies. From time to time we may also need to transfer personal data internationally in the course of our work – for instance if we have a client based overseas or are handling a claim with an international dimension. We will only transfer your personal data outside of the UK under the following circumstances:

  • where the transfer is to a country or other territory which has been assessed by the UK as ensuring an adequate level of protection for personal data
  • with your consent; or
  • on the basis that the transfer is compliant with the UK GDPR data protection legislation.

Protecting your personal data

To keep your personal data secure, we implement technical and organisational security measures to protect it against unauthorised or unlawful processing and against any accidental loss, destruction or damage.

Capsticks is accredited to the ISO27001 security standard and to Cyber Essentials plus.

Retention periods

We do not keep your personal data for any longer than is necessary.

To comply with our legal, reporting and regulatory obligations we generally keep data for 7 years (6 years when the data is live and an additional year when the data is stored in backups). In some cases we may need to keep data for longer, for instance if a matter comes ‘live’ again, or because it relates to property transactions where we may store deeds on behalf of a client. The criteria we use to determine for how long we may keep personal data include limitation periods for legal claims, the potential utility of the information, and events that have occurred which may be relevant to the information.

Your data subject rights

You have rights regarding how we use and keep your personal data, you:

  • can require us, to update or correct any inaccurate personal data, or to complete any incomplete personal data. If you make such a request, we will take reasonable steps to check the accuracy of, and correct the information. We rely on you to help us keep your personal data up to date, please let us know if any of your information changes
  • can require us to stop processing your information for direct marketing purposes
  • have the right to object to our use of your personal data (although we may not be able or required to comply with such an objection
  • may also have the right, in certain circumstances to:
    • be provided with a copy of any personal data that we hold about you. There are exceptions to this right. For example where information is legally privileged or if providing you with the information would reveal personal data about another person.  The right to personal data is not a right to receive documents although a document suitably redacted where necessary may be the easiest way to provide the data;
    • to require us, without undue delay, to delete your personal data
    • to "restrict" our use of your information, so that it can only continue subject to restrictions; and
    • to require personal data which you have provided to us and which are processed by using automated means, based on your consent or the performance of a contract with you, to be provided to you in machine readable format so that they can be "ported" to a replacement service provider.

We may require you to provide satisfactory proof of your identity to ensure that your personal data is disclosed only to you.

You can exercise your data subject rights by contacting the data protection team.

How to complain

Please contact the data protection team if you have any query or concern about how we use your information.

You also have the right to lodge a complaint with the Information Commissioner. The Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

Capsticks Privacy Notice – for employees


  • All information we hold about you is kept to a minimum.
  • We use your data to process information for usual employment purposes, to comply with the employment contract, to comply with legal requirements and to pursue the legitimate interests of the firm.
  • We will keep and use your data to enable us to run the firm and manage our relationship with you effectively, lawfully and appropriately.
  • We will use your data and information about you during the recruitment process, whilst you work for the firm and when your employment with us comes to an end and you leave the firm.
  • We delete your data when it is no longer needed.
  • Generally, we do not give your information to third parties, but there are some exceptions
  • You have privacy rights.
  • We take the security of your data seriously.
  • We are happy to answer your questions about any of the information set out in this notice or any other question you may have about how the firm handles your data.

The data we hold

 We will hold the following information about you:

  • Your name, identity and contact information
  • Your job application and/or CV – your CV may be stored in Talos360
  • References from previous employers or other third parties
  • Your contract of employment and any amendments to it
  • Correspondence with or about you
  • Financial information to process salary and other payments to you
  • Records of holiday, sickness or other absence
  • Training records
  • Information needed for equality and diversity monitoring
  • Appraisal information and other relevant performance measures
  • Information and documents about your matters or enquiries, including communications with you
  • Information to administer our range of employee benefits
  • Emergency contact details
  • Right to work documentation such as Passport, Visa
  • Criminal record data

We may hold:

  • Disciplinary and grievance records
  • Information relating to your health which could include GP reports and notes to enable compliance with occupational health obligations, to consider how your health affects you doing your job or to decide if any adjustments to your job may be appropriate and to manage any sick pay arrangements
  • Details of any accident reports for injuries sustained whilst at work
  • Information about third parties you provide to us in relation to the payment of death in service benefits

Using your information

We must have a lawful basis for processing your information and references to the basis of processing (e.g. Art. 6(f)) are a reference to the article of the General Data Protection Regulation under which we undertake the processing.

Managing our relationship with you

We will use your data to manage our relationship with you.

(Basis: Art. 6(b): we need to keep your data to enter into and perform our contract with you.)

Special category data (sensitive personal data)

We will obtain your consent, which you may withdraw at any time, to process special categories of information relating to your:

  • Racial or ethnic origin
  • Political opinions
  • Religious and philosophical beliefs
  • Trade union membership
  • Sexual orientation
  • Criminal offence data

Unless this is not required by law or information is required to protect your health in an emergency.  


We monitor computer and mobile telephone use as detailed in our policies. You can access these via our Employee Handbook which can be found on the intranet.

Third parties

We do not generally share information with third parties but there are some exceptions to this:

  • if we are legally obliged to do so; or
  • where we need to comply with our contractual duties to you.

We will disclose information about you to our external payroll provider, to our benefit providers and to other third parties who may require it from time to time.

Your data and international transfers

We do not normally transfer or process data outside of the UK or European Economic Area unless we have your specific consent or have appropriate safeguards in place to comply with data protection law. If you are applying to work with us from outside the UK, your data necessarily will be transferred internationally.

Our suppliers may, due to the global nature of their businesses, transfer data outside of the UK . If this happens we have contractual provisions in place to ensure that personal data is processed in compliance with applicable Data Protection Laws, including where appropriate, international transfer mechanisms approved under applicable data protection laws.

Your rights

You have rights in respect of our processing of your personal data. The relevant rights are:

  • Access – you can ask about your personal data and information about our processing of it
  • Data portability - you may obtain and reuse your personal data for your own purposes across different services
  • Restriction - in some circumstances, restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
  • Objection - object to our processing for strategy planning purposes

If you want to exercise any of these rights, please just contact us.

You also have the right to lodge a complaint with the Information Commissioner. The Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

Technical security

We take all appropriate steps to protect your information.  We have robust information security management systems in place to protect your personal information.  Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as indication of best practice in information security and information risk management.

Capsticks is also accredited to Cyber Essentials plus to help protect our systems from cyber-attack.

Retention periods

Your personal data will be stored for the duration of your employment with the firm and then as follows:

Record type

Retention period

Accident books, reports and records

3 years from the date of the last entry (if an accident relates to a child or    young adult—until that person reaches 21 years)

Income tax and NI records and correspondence with HMRC

7 years after the end of the financial year to which they relate

Retirement Benefits Schemes—notifiable events

6 years from the end of the scheme year in which the event took place

Statutory Maternity Pay records

3 years after the end of the tax year in which the maternity period ends

Statutory Sick Pay records

3 years after the end of the tax year to which they relate

Salary and pay records

7 years

Application forms and interview notes for unsuccessful candidates

2 years from the date that your information was first received by the firm.

Parental leave records

5 years from the birth or adoption of the child or 18 years if the child receives   a disability allowance

Pension scheme investment policies

12 years from the end of any benefit payable under the policy

Personnel files and training records (including disciplinary records and working time records)

6 years after employment ceases

Redundancy records

6 years from date of redundancy

Other HR records

2 yeas or for the minimum amount of time necessary depending on the   information.

ICO registration

Capsticks is registered with the Information Commissioner's Office (Z5760582).

Get in touch

Any questions about your rights under this notice: [email protected]

Capsticks Privacy Notice – for job applicants

As part of any recruitment process, Capsticks collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. This privacy notice supplements our other privacy notices, with additional, more specific information for job applicants.

What information do we collect?

Our job board is run using Talos360 which is a service managed for Capsticks by Talos360. Your use of their service may involve their use of cookies or other data analytics services, for which they are a ‘data controller’. Their privacy notice can be found here: https://talos360.co.uk/policy. When registering to use this service, you are requested to enter certain information about yourself. This information forms the basis for any application.

The details of your application, covering letter, CV and academic results and any other information will not be viewed by anyone except Capsticks. In the event that you require Talos360 support during the application process, a member of the Talos360 support team may view information submitted by candidates in order to support them through the application process but this is the only occurrence where candidate information will be viewed by anyone other than Capsticks. Talos360 will hold personal information supplied for the duration of the recruitment process. You can request to edit any information entered into Talos360 including contact details, e-mail address, application information and password by emailing [email protected]. However, once an application has been sent, that specific application cannot be altered. You have certain rights to see and correct data held about you as set out in the section “Your rights”, below.

Capsticks collects a range of information about you. This includes:

  • your name, address and contact details, including email address and telephone number;
  • details of your qualifications, skills, experience and employment history;
  • information about your current level of remuneration, including benefit entitlements;
  • whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
  • information about your entitlement to work in the UK.
  • Capsticks may collect this information in a variety of ways. For example, data might be contained in application forms or CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.

Data will be stored in a range of different places, including on your application record, in our HR management systems and on other IT systems (including email).

Use of cookies

Temporary cookies are used to present the correct sections to the user e.g. application form pages. These cookies are deleted as soon as a session expires so nothing is permanently stored on a user's computer.

Why does Capsticks process personal data?

We need to process data to deal with your application and to decide whether to make an offer to you. Our processing is mainly a mix of our legitimate interests in hiring the best talent, and/or that it is necessary for us to process your data prior to entering into a contract with you (i.e. an employment contract).

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant's eligibility to work in the UK before employment starts.

Capsticks has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

Capsticks may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, and disability to monitor recruitment and equality statistics. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out our obligations and exercise specific rights in relation to employment, and to comply with our legal obligations (for instance, gender pay-gap recording).

Who has access to data?

Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks. We may undertake DBS or other checks to comply with legal and regulatory obligations, for instance to comply with compliance principle 35 of the anti-money laundering guidance for the legal sector.

How does Capsticks protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does Capsticks keep data?

If your application for employment is unsuccessful, the organisation will hold your data on file for 2 years, after the end of the relevant recruitment process. The Talos360 platform enables you to choose to store your data in it for longer if you wish.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment. The periods for which your data will be held on commencement of employment will be provided to you in a new privacy notice.

Your rights

As a data subject, you have a number of rights. You may:

  • access and obtain a copy of your data on request;
  • require the organisation to change incorrect or incomplete data;
  • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
  • object to the processing of your data where Capsticks is relying on its legitimate interests as the legal ground for processing.

You also have the right to lodge a complaint with the Information Commissioner. The Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or telephone: 0303 123 1113.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to Capsticks during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.