Terms of use

The information, materials and opinions on this website are for general information purposes only. They are not intended to constitute legal or other professional advice and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances.

Certain parts of this website link to other external internet sites and other external internet sites may link to this website. Capsticks does not accept responsibility for the content of any of these external internet sites. Further, Capsticks are not responsible for the direct or indirect consequences of you linking to these external websites.

Although we try to make sure that the content of this website is accurate and up to date, Capsticks makes no express or implied conditions, warranties, terms or representations about the content of this website and accepts no liability whatsoever for the use which you make of the information, except as may be required by law.

Capsticks Solicitors LLP is a limited liability partnership registered in England and Wales under registered number OC340360, authorised and regulated by the Solicitors Regulation Authority.

A list of members is open to inspection at our registered office, 1 St George's Road, London SW19 4DR.

The term partner is used to refer to a member of Capsticks Solicitors LLP or an employee or consultant with equivalent standing and qualifications.

Capsticks is not authorised under the Financial Services and Markets Act 2000 but we are able to offer a limited range of investment services to clients as we are regulated by the Solicitors Regulation Authority. We can provide these investment services if they are an incidental part of the professional services we have been engaged to provide.

Privacy notice

Summary

  • We keep to a minimum the information we hold about you
  • We use your data to provide our services to you, respond to your enquiries, manage our relationship with you, meet our legal obligations, and improve our website
  • We delete your data when it is no longer needed for these things
  • Generally, we do not give your information to third parties, but there are some exceptions
  • You have privacy rights
  • We take security seriously
  • We  use cookies on our website
  • We are happy to answer your questions about any of this

Want more detail?

To see more about how we use your personal data, read the notice or notices which apply best to your relationship with us:

Select an option

  • I am a client

    Summary

    • We keep to a minimum the information we hold about you
    • We use your data to provide you with legal services, meet our legal and regulatory obligations, and improve our website
    • We delete your data when it is no longer needed for these things
    • Generally, we do not give your information to third parties, but there are some exceptions
    • You have privacy rights
    • We take security seriously
    • We are happy to answer your questions about any of this

    The data we hold:

    We will hold the following information about you:

    • Your name, identity and contact information
    • Information about your business activities
    • Information and documents about your matters or enquiries, including communications with you
    • Billing and payment information

    We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

    Using your information

    We must have a lawful basis for processing your information and references to the basis of processing (e.g. Art. 6(f)) are a reference to the article of the General Data Protection Regulation under which we undertake the processing.

    Giving you legal advice

    We use the information we hold about you and your business — both personal and otherwise — to provide you with legal advice

    We also use your information to bill you, and keep track of payments that you make to us.

    (Basis: Art. 6(b): this is necessary to deliver the service to you.)

    ID checks

    We will have done an ID check on you before you become a client. If you do not instruct us for a while, we may need to do another ID check. If you would prefer not to provide this information, we will not be able to act for you.

    We retain identity verification information for as long as you are our client, and then five years.

    (Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

    Sources of money

    We may need to ask questions about the source of your money, to discharge our regulatory obligations relating to proceeds of crime and terrorist funding. If you would prefer not to provide this information, we will not be able to act for you.

    (Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

    Technical data

    We may use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

    (Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate interest.)

    Your data and the EEA

    We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

    Your rights

    You have rights in respect of our processing of your personal data. The relevant rights are:

    • get access to your personal data and information about our processing of it
    • data portability you may obtain and reuse your personal data for your own purposes across different services
    • in some circumstances, restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
    • object to our processing for strategy planning purposes

    If you want to exercise any of these rights, please just contact us.

    You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but you will most likely want to contact the UK's Information Commissioner's Office.

    Third parties

    As a general principle, we will not transfer your personal data to third parties without your permission.

    There are some exceptions to this:

    • If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.
    • It is possible that we might be forced to disclose your information in response to a court order or other binding mandate.
    • It is possible we may need to make a disclosure to law enforcement if we suspect money laundering or tax evasion. We may not even be able to tell you of our suspicions if, in doing so, we would be committing the offence of tipping off. We will still try to minimise any sharing of your personal data.
    • As solicitors, we have a professional duty to co-operate with our regulator, the Solicitors Regulation Authority
    • We also have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it).

    Technical security

    We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

    Telephone calls are not encrypted.

    If you have particular security requirements, please call us to discuss how we can support you.

    Voicemail messages

    If you leave a voicemail message, this will be sent as an email to the person you wanted to speak with and it will be retained for the duration of the relationship with us and then generally seven years.

    Retention periods

    Data about clients: duration of your relationship with us, then generally seven years for paper files and eight years for electronic data.  We generally delete live data from our systems seven years after your relationship with us ended but retain a backup copy of data for a further year as a precaution against cyber attacks

    Client ID verification: duration of your relationship with us, then five years

    Data about specific matters: duration of the matter, then generally seven years

    Server logs: up to one year

    ICO registration

    Capsticks is registered with the Information Commissioner's Office (Z5760582).

    Get in touch

    Email: dataprotection@capsticks.com

  • I am a prospective client

    Summary

    • We keep to a minimum the information we hold about you
    • We use your data to provide our services to you, meet our legal obligations, and improve our website
    • We delete your data when it is no longer needed for these things
    • Generally, we do not give your information to third parties, but there are some exceptions
    • You have privacy rights
    • We take security seriously
    • We are happy to answer your questions about any of this

    What data we hold

    If you contact us, we will hold the following information about you:

    • Your name, identity and contact information
    • Information about your business activities
    • Information and documents about your enquiries, including communications with you

    We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

    Using your information

    References to the basis of processing (e.g. "(Basis: Art. 6(f)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing.

    Giving you legal advice

    If you get in touch looking for legal advice, we will do some research to understand more about you and what you do. Usually, this means reading up about you, how you position yourself in the market, what you display on your public facing websites and social media presence, and so on. This helps us work out how best we can help you, and if we're really the right people for the job.

    (Basis: Art. 6(b): this is necessary to deliver the service to you.)

    ID checks

    The law requires that, in some situations, we must know who you are before we can give you legal advice.

    The level of checking we need to undertake depends on the potential risk, and there are certain factors which are considered to be high risk. One example is if you are an individual and are not able to meet us face-to-face.

    If you would prefer not to provide this information, we will not be able to act for you.

    Any personal data received from you for this purpose will be processed only for the purposes of preventing money laundering, terrorist financing or tax evasion, unless we have your consent to process it for another purpose.

    We retain identity verification information for as long as you are our client and then five years, or else five years from the point you decide you do not want to become a client.

    (Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

    Sources of money

    We may need to ask questions about the source of your money, to discharge our regulatory obligations relating to proceeds of crime and terrorist funding. If you would prefer not to provide this information, we will not be able to act for you.

    (Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

    Dealing with enquiries

    If you call us or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.

    (Basis: Art. 6(b): we need to use your details to follow up with you. Art. 6(f): business planning is a legitimate thing for us to do, and keeps us relevant and hopefully more in tune with your needs.)

    Technical data

    We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

    (Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

    Your data and the EEA

    We do not transfer or process data outside the European Economic Area unless we have your consent or where the nature of the processing requires it (for example, where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

    Your rights

    The relevant rights are:

    • get access to your personal data and information about our processing of it
    • in some circumstances, restrict our processing of your data for strategy planning purposes and other "legitimate interests" purposes, and compel us to erase the bits we do not use for those purposes
    • object to our processing for strategy planning purposes and other "legitimate interests" purposes

    If you want to exercise any of these rights, please just contact us.

    You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but you probably want the UK's Information Commissioner's Office.

    Third parties

    As a general principle, we will not transfer your personal data to third parties without your permission.

    There are two exceptions to this:

    • It is possible that we might be forced to disclose your information in response to a court order or other binding mandate.
    • As solicitors, we have professional duties, including to co-operate with our regulator, the Solicitors Regulation Authority, as well as to report suspicious transactions or money laundering. We may not even be able to tell you of our suspicions if, in doing so, we would be committing the offence of tipping off. We will still try to minimise any sharing of your personal data.

    We also have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (and the content of what you send us unless you encrypt it).

    Technical security

    Our laptops are full-disk encrypted, as are our phones and tablets.

    We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

    Telephone calls are not encrypted.

    If you have particular security requirements, please call us to discuss how we can support you.

    Voicemail messages

    If you leave a voicemail message, this will be sent as an email to the person you wanted to speak with and it will be retained for the duration of the relationship with us and then generally for seven years.

    Retention periods

    Data about clients: duration of your relationship with us, then generally seven years

    Client ID verification: duration of your relationship with us, then five years

    Server logs: up to one year

    ICO registration

    Capsticks is registered with the Information Commissioner's Office (Z5760582).

    Get in touch

    Email: dataprotection@capsticks.com

  • I am just browsing your website

    Summary:

    This privacy notice sets out what information we process when you visit this website

    You do not have to give us any personal information in order to use most of this website, except where you ask for information or subscribe to a service.

    Capsticks LLP is the sole owner of the information collected on this website. We do not sell, share, or transfer this information, except as set out in this statement. We use your information to improve our marketing, for administration and to provide legal services.

    Submitting your contact details

    On various occasions, including through forms on our website, we invite or request you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you.

    How we use this information

    In each case, the purpose for which you are invited to give us information is clear. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside Capsticks, except to service providers acting on our behalf or in other very limited circumstances, for example, with your agreement or where we are legally obliged to do so

    Ebulletins and newsletters

    We will only provide you with e-bulletins and newsletters that you have consented to receiving. To subscribe for our insights and news updates please register by completing our form in the top right corner of the site. To unsubscribe, either update your details via the subscription form or email us at info@capsticks.com

    For marketing purposes, we may monitor whether you open and/or click on URLs in our newsletters.

    Events

    To register to attend any of our events you must complete a registration form. During registration if you wish to attend the event you will need to provide us with your contact information (such as name, address, phone number and email address). This information enables us to communicate with you regarding the logistics of the event and if you have agreed we will add you to our database to ensure you receive future communications about events that may be relevant to you.

    Occasionallyyou may be taken to other organisations’ websites to register for an event or to administer payment for attending an event. We cannot be responsible for third party websites so we recommend that you ensure you read the relevant privacy policy when visiting third party websites.

    At any time, you will be able to change your mind about being contacted by us or let us know if your details are inaccurate or out of date by emailing:  capsticks.events@capsticks.com

    Cookies

    A cookie is a piece of data stored on a user's hard drive containing information about the user. The information below explains the cookies we use on our website and why we use them:

    • Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.

    Google Analytics is a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies (see above), to help us analyse how users use our site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

    Google will use the information on behalf of Capsticks for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. The IP address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of these cookies via the settings in your browser as explained above. You may also opt out of being tracked by Google Analytics in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en

    • ASP.Net cookie: we use this cookie to allow visitors to view the website without logging in as a registered user. Once you close your browser, the cookie is deactivated.

    You may enable or disable cookies by modifying the settings in your browser. You may find out how to do this, and find more information on cookies, at: www.allaboutcookies.org.

    What data we hold

    We generate log files from various servers: this will include an IP address assigned to you.

    We use IP addresses to analyse trends, administer the website, track users’ movements and gather demographic information for aggregate use.  We will not use your IP address to identify you.

    We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

    Using your information

    References to the basis of processing (e.g. "(Basis: Art. 6(f))" are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

    Technical data

    We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

    (Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

    Your data and the EEA

    We do not transfer or process these data outside the European Economic Area.

    No third party has access to these data.

    Your rights

    You have rights in respect of our processing of your personal data but, since all we have is an IP address linked (at best) to your computer or phone, they are not particularly meaningful here.

    The relevant rights are:

    • get access to your personal data and information about our processing of it
    • restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
    • object to our processing for strategy planning purposes

    If you want to exercise any of these rights, please just contact us.

    You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority probably want the UK's Information Commissioner's Office.

    Technical security

    We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

    Retention periods

    Server logs: up to one year, after which they are deleted automatically

    Contact details you provide when you request E bulletins or newsletters are retained until you update your preferences and ask to unsubscribe, so we can continue to provide you with the service you have requested.

    If you register for an event we will, unless you have consented to receive email for future events, delete your contact information once the event has taken place.  

    Information about Capsticks

    Capsticks Solicitors LLP is a limited liability partnership registered in England and Wales under registered number OC340360, authorised and regulated by the Solicitors Regulation Authority.

    A list of members is open to inspection at our registered office, 1 St George's Road, London SW19 4DR.

    The term partner is used to refer to a member of Capsticks Solicitors LLP or an employee or consultant with equivalent standing and qualifications.

    ICO registration

    Capsticks is registered with the Information Commissioner's Office (Z5760582).

    Get in touch

    Email: dataprotection@capsticks.com

  • I am someone who doesn't fit into any of the other categories

    Summary

    This notice is applicable to contact from anyone who is neither a client nor prospective client, nor just visiting this website. This includes press or journalistic enquiries, as well as suppliers to us.

    • We keep to a minimum the information we hold about you
    • We use your data to deal with your enquiry, manage our relationship with you, meet our legal obligations, and improve our website
    • We delete your data when it is no longer needed for these things
    • Generally, we do not give your information to third parties, but there are some exceptions
    • You have privacy rights
    • We take security seriously
    • We are happy to answer your questions about any of this

    What data we hold

    We may hold the following information about you:

    • Your name, identity and contact information

    We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

    Using your information

    References to the basis of processing (e.g. "(Basis: Art. 6(f))" are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

    Dealing with your enquiry

    If you give us a call or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.

    (Basis: Art. 6(b): we need to use your details to follow up with you. Art. 6(f): keeping track of what we have said is a legitimate thing for us to do, as it helps us understand what areas of work are generating interest, as well as helping us correct errors in reporting.)

    Managing our relationship with you

    We will use your data to manage our relationship with you, and to enquire about (and perhaps even buy) products and services from you.

    (Basis: Art. 6(b): we need to use your details to enter into and perform contracts with you. Art. 6(f): keeping track of what we have agreed.)

    Technical data

    We may use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

    (Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

    Your data and the EEA

    We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, because you have chosen to use an email or other communications service which routes data outside the EEA).

    Your rights

    You have rights in respect of our processing of your personal data. The relevant rights are:

    • get access to your personal data and information about our processing of it
    • in some circumstances, restrict our processing of your data for strategy planning purposes and other "legitimate interests" purposes, and compel us to erase the information we do not use for those purposes
    • object to our processing for strategy planning purposes and other "legitimate interests" purposes

    If you want to exercise any of these rights, please just contact us.

    You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but probably want the UK's Information Commissioner's Office.

    Third parties

    We have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (and the content of what you send us unless you encrypt it).

    Technical security

    All our laptops are full-disk encrypted, as are our phones and tablets.

    We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

    Telephone calls are not encrypted.

    Recorded voicemail messages

    Where we have a voicemail message relating to a client's matter, we may share the call recording with that client by their preferred communications method.

    Retention periods

    Supplier contact details: for as long as we have a relationship with you or think we might want to buy products or services from you or for the duration of a dispute with you

    Server logs: up to one year

    ICO registration

    Capsticks is registered with the Information Commissioner's Office (Z5760582).

  • I am a job applicant

    As part of any recruitment process, Capsticks collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

    What information do we collect?

    Our job board is run using cvMail which is a service managed for Capsticks by Thompson Reuters (TR). When registering to use this service, you are requested to enter certain information about yourself. This information forms the basis for any application.

    The details of your application, covering letter, CV and academic results and any other information will not be viewed by anyone except Capsticks. In the event that you require cvMail support during the application process, a member of the cvMail support team may view information submitted by candidates in order to support them through the application process but this is the only occurrence where candidate information will be viewed by anyone other than Capsticks. cvMail will hold personal information supplied for the duration of the recruitment process. You can edit any information entered into cvMail including contact details, e-mail address, application information and password. However, once an application has been sent, that specific application cannot be altered. You have certain rights to see and correct data held about you as set out in the section “Your rights”.

    Capsticks collects a range of information about you. This includes:

    • your name, address and contact details, including email address and telephone number;
    • details of your qualifications, skills, experience and employment history;
    • information about your current level of remuneration, including benefit entitlements;
    • whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
    • information about your entitlement to work in the UK.

    Capsticks may collect this information in a variety of ways. For example, data might be contained in application forms or CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

    We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.

    Data will be stored in a range of different places, including on your application record, in our HR management systems and on other IT systems (including email).

    Use of cookies

    Temporary cookies are used to present the correct sections to the user e.g. application form pages. These cookies are deleted as soon as a session expires so nothing is permanently stored on a user's computer.

    Why does Capsticks process personal data?

    We need to process data to deal with your application and to decide whether to make an offer to you there is therefore a legitimate interest for us to process your data prior to entering into a contract with you.

    In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant's eligibility to work in the UK before employment starts.

    Capsticks has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

    Capsticks may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out our obligations and exercise specific rights in relation to employment.

    If your application is unsuccessful, Capsticks may keep your personal data on file in case there are future employment opportunities for which you may be suited.

    Who has access to data?

    Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

    We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

    How does Capsticks protect data?

    We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

    For how long does Capsticks keep data?

    If your application for employment is unsuccessful, the organisation will hold your data on file for 2 years, after the end of the relevant recruitment process.

    If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment.   For trainee solicitors we will hold your data in cvMail for 2 ½ years. The periods for which your data will be held on commencement of employment will be provided to you in a new privacy notice.

    Your rights

    As a data subject, you have a number of rights. You may:

    • access and obtain a copy of your data on request;
    • require the organisation to change incorrect or incomplete data;
    • require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
    • object to the processing of your data where Capsticks is relying on its legitimate interests as the legal ground for processing.

    You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority probably want the UK's Information Commissioner's Office.

    What if you do not provide personal data?

    You are under no statutory or contractual obligation to provide data to Capsticks during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

  • I am an employee

    Summary

    • All information we hold about you is kept to a minimum.
    • We use your data to process information for usual employment purposes, to comply with the employment contract, to comply with legal requirements and to pursue the legitimate interests of the firm.
    • We will keep and use your data to enable us to run the firm and manage our relationship with you effectively, lawfully and appropriately.
    • We will use your data and information about you during the recruitment process, whilst you work for the firm and when your employment with us comes to an end and you leave the firm.
    • We delete your data when it is no longer needed.
    • Generally, we do not give your information to third parties, but there are some exceptions
    • You have privacy rights.
    • We take the security of your data seriously.
    • We are happy to answer your questions about any of the information set out in this notice or any other question you may have about how the firm handles your data. 

    The data we hold:

    We will hold the following information about you:

    • Your name, identity and contact information
    • Your job application and/or CV – your CV may be stored in CVmail
    • References from previous employers or other third parties
    • Your contract of employment and any amendments to it
    • Correspondence with or about you
    • Financial information to process salary and other payments to you
    • Records of holiday, sickness or other absence
    • Training records
    • Information needed for equality and diversity monitoring
    • Appraisal information and other relevant performance measures
    • Information and documents about your matters or enquiries, including communications with you
    • Information to administer our range of employee benefits

    We may hold:

    • Disciplinary and grievance records
    • Information relating to your health which could include GP reports and notes to enable compliance with occupational health obligations, to consider how your health affects you doing your job or to decide if any adjustments to your job may be appropriate and to manage any sick pay arrangements
    • Details of any accident reports for injuries sustained whilst at work
    • Information about third parties you provide to us in relation to the payment of death in service benefits

    Using your information

    We must have a lawful basis for processing your information and references to the basis of processing (e.g. Art. 6(f)) are a reference to the article of the General Data Protection Regulation under which we undertake the processing.

    Managing our relationship with you

    We will use your data to manage our relationship with you.

    (Basis: Art. 6(b): we need to keep your data to enter into and perform our contract with you.)

    Special category data (sensitive personal data)

    We will obtain your consent, which you may withdraw at any time, to process special categories of information relating to your:

    • Racial or ethnic origin
    • Political opinions
    • Religious and philosophical beliefs
    • Trade union membership
    • Sexual orientation

    Unless this is not required by law or information is required to protect your health in an emergency. 

    Monitoring

    We monitor computer and mobile telephone use as detailed in our policies. You can access these via our Employee Handbook which can be found on the intranet. 

    Third parties

    We do not generally share information with third parties but there are some exceptions to this:

    • if we are legally obliged to do so; or
    • where we need to comply with our contractual duties to you.

    We will disclose information about you to our external payroll provider, to our benefit providers and to other third parties who may require it from time to time. 

    Your data and the EEA

    We do not transfer or process data outside of the European Economic Area unless we have your specific consent.

    Your rights

    You have rights in respect of our processing of your personal data. The relevant rights are:

    • Access – you can ask about your personal data and information about our processing of it
    • Data portability - you may obtain and reuse your personal data for your own purposes across different services
    • Restriction - in some circumstances, restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
    • Objection - object to our processing for strategy planning purposes

    If you want to exercise any of these rights, please just contact us.

    You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but you will most likely want to contact the UK's Information Commissioner's Office.

    Technical security

    We take all appropriate steps to protect your information.  We have robust information security management systems in place to protect your personal information.  Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as indication of best practice in information security and information risk management.

    Capsticks is also accredited to Cyber Essentials plus to help protect our systems from cyber-attack.

    Retention periods

    Your personal data will be stored for the duration of your employment with the firm and then as follows:

    Record type

    Retention period

    Accident books, reports and records

    3 years from the date of the last entry (if an accident relates to a child or young adult—until that person reaches 21 years)

    Income tax and NI records and correspondence with HMRC

    7 years after the end of the financial year to which they relate

    Retirement Benefits Schemes—notifiable events

    6 years from the end of the scheme year in which the event took place

    Statutory Maternity Pay records

    3 years after the end of the tax year in which the maternity period ends

    Statutory Sick Pay records

    3 years after the end of the tax year to which they relate

    Salary and pay records

    7 years

    Application forms and interview notes for unsuccessful candidates

    2 years from the date that your information was first received by the firm. 

    Parental leave records

    5 years from the birth or adoption of the child or 18 years if the child receives a disability allowance

    Pension scheme investment policies

    12 years from the end of any benefit payable under the policy

    Personnel files and training records (including disciplinary records and working time records)

    6 years after employment ceases

    Redundancy records

    6 years from date of redundancy

    Other HR records

    2 yeas or for the minimum amount of time necessary depending on the information. 

    ICO registration

    Capsticks is registered with the Information Commissioner's Office (Z5760582).

    Get in touch

    Any questions about your rights under this notice: dataprotection@capsticks.com

Show allHide all

ICO registration

Capsticks is registered with the Information Commissioner's Office (Z5760582).

Get in touch

Email: dataprotection@capsticks.com