Privacy

Summary

• We keep to a minimum the information we hold about you
• We use your data to provide you with legal services, meet our legal and regulatory obligations, and improve our website
• We delete your data when it is no longer needed for these things
• Generally, we do not give your information to third parties, but there are some exceptions
• You have privacy rights
• We take security seriously
• We are happy to answer your questions about any of this

The data we hold:

We will hold the following information about you:

• Your name, identity and contact information
• Information about your business activities
• Information and documents about your matters or enquiries, including communications with you
• Billing and payment information

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

We must have a lawful basis for processing your information and references to the basis of processing (e.g. Art. 6(f)) are a reference to the article of the General Data Protection Regulation under which we undertake the processing.

Giving you legal advice

We use the information we hold about you and your business — both personal and otherwise — to provide you with legal advice

We also use your information to bill you, and keep track of payments that you make to us.

(Basis: Art. 6(b): this is necessary to deliver the service to you.)

ID checks

We will have done an ID check on you before you become a client. If you do not instruct us for a while, we may need to do another ID check. If you would prefer not to provide this information, we will not be able to act for you.

We retain identity verification information for as long as you are our client, and then five years.

(Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

Sources of money

We may need to ask questions about the source of your money, to discharge our regulatory obligations relating to proceeds of crime and terrorist funding. If you would prefer not to provide this information, we will not be able to act for you.

(Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

Technical data

We may use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate interest.)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

Your rights

You have rights in respect of our processing of your personal data. The relevant rights are:

• get access to your personal data and information about our processing of it
• data portability you may obtain and reuse your personal data for your own purposes across different services
• in some circumstances, restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
• object to our processing for strategy planning purposes

If you want to exercise any of these rights, please just contact us.

You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but you will most likely want to contact the UK's Information Commissioner's Office.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission.

There are some exceptions to this:

• If you do not pay your bills, we may choose to engage a third party to recover any money you owe us.
• It is possible that we might be forced to disclose your information in response to a court order or other binding mandate.
• It is possible we may need to make a disclosure to law enforcement if we suspect money laundering or tax evasion. We may not even be able to tell you of our suspicions if, in doing so, we would be committing the offence of tipping off. We will still try to minimise any sharing of your personal data.

• As solicitors, we have a professional duty to co-operate with our regulator, the Solicitors Regulation Authority
• We also have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it).

Technical security

We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

Telephone calls are not encrypted.

If you have particular security requirements, please call us to discuss how we can support you.

Voicemail messages

If you leave a voicemail message, this will be sent as an email to the person you wanted to speak with and it will be retained for the duration of the relationship with us and then generally seven years.

Retention periods

Data about clients: duration of your relationship with us, then generally seven years for paper files and eight years for electronic data.  We generally delete live data from our systems seven years after your relationship with us ended but retain a backup copy of data for a further year as a precaution against cyber attacks

Client ID verification: duration of your relationship with us, then five years

Data about specific matters: duration of the matter, then generally seven years

Server logs: up to one year

ICO registration

Capsticks is registered with the Information Commissioner's Office (Z5760582).

Get in touch

Email: [email protected]

Summary

• We keep to a minimum the information we hold about you
• We use your data to provide our services to you, meet our legal obligations, and improve our website
• We delete your data when it is no longer needed for these things
• Generally, we do not give your information to third parties, but there are some exceptions
• You have privacy rights
• We take security seriously
• We are happy to answer your questions about any of this

What data we hold

If you contact us, we will hold the following information about you:

• Your name, identity and contact information
• Information about your business activities
• Information and documents about your enquiries, including communications with you

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

References to the basis of processing (e.g. "(Basis: Art. 6(f)") are a reference to the article of the General Data Protection Regulation under which we undertake the processing.

Giving you legal advice

If you get in touch looking for legal advice, we will do some research to understand more about you and what you do. Usually, this means reading up about you, how you position yourself in the market, what you display on your public facing websites and social media presence, and so on. This helps us work out how best we can help you, and if we're really the right people for the job.

(Basis: Art. 6(b): this is necessary to deliver the service to you.)

ID checks

The law requires that, in some situations, we must know who you are before we can give you legal advice.

The level of checking we need to undertake depends on the potential risk, and there are certain factors which are considered to be high risk. One example is if you are an individual and are not able to meet us face-to-face.

If you would prefer not to provide this information, we will not be able to act for you.

Any personal data received from you for this purpose will be processed only for the purposes of preventing money laundering, terrorist financing or tax evasion, unless we have your consent to process it for another purpose.

We retain identity verification information for as long as you are our client and then five years, or else five years from the point you decide you do not want to become a client.

(Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

Sources of money

We may need to ask questions about the source of your money, to discharge our regulatory obligations relating to proceeds of crime and terrorist funding. If you would prefer not to provide this information, we will not be able to act for you.

(Basis: Art. 6(c): we have to do this processing to comply with legal and regulatory obligations.)

Dealing with enquiries

If you call us or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, to help us plan our business strategy and check that we are offering what potential clients want.

(Basis: Art. 6(b): we need to use your details to follow up with you. Art. 6(f): business planning is a legitimate thing for us to do, and keeps us relevant and hopefully more in tune with your needs.)

Technical data

We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless we have your consent or where the nature of the processing requires it (for example, where we are emailing a party to your matter who is based outside the EEA, or because you have chosen to use an email or other communications service which routes data outside the EEA).

Your rights

The relevant rights are:

• get access to your personal data and information about our processing of it
• in some circumstances, restrict our processing of your data for strategy planning purposes and other "legitimate interests" purposes, and compel us to erase the bits we do not use for those purposes
• object to our processing for strategy planning purposes and other "legitimate interests" purposes

If you want to exercise any of these rights, please just contact us.

You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but you probably want the UK's Information Commissioner's Office.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission.

There are two exceptions to this:

• It is possible that we might be forced to disclose your information in response to a court order or other binding mandate.

• As solicitors, we have professional duties, including to co-operate with our regulator, the Solicitors Regulation Authority, as well as to report suspicious transactions or money laundering. We may not even be able to tell you of our suspicions if, in doing so, we would be committing the offence of tipping off. We will still try to minimise any sharing of your personal data.

We also have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (and the content of what you send us unless you encrypt it).

Technical security

Our laptops are full-disk encrypted, as are our phones and tablets.

We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

Telephone calls are not encrypted.

If you have particular security requirements, please call us to discuss how we can support you.

Voicemail messages

If you leave a voicemail message, this will be sent as an email to the person you wanted to speak with and it will be retained for the duration of the relationship with us and then generally for seven years.

Retention periods

Data about clients: duration of your relationship with us, then generally seven years

Client ID verification: duration of your relationship with us, then five years

Server logs: up to one year

ICO registration

Capsticks is registered with the Information Commissioner's Office (Z5760582).

Get in touch

Email: [email protected]

Summary:

This privacy notice sets out what information we process when you visit this website

You do not have to give us any personal information in order to use most of this website, except where you ask for information or subscribe to a service.

Capsticks LLP is the sole owner of the information collected on this website. We do not sell, share, or transfer this information, except as set out in this statement. We use your information to improve our marketing, for administration and to provide legal services.

Submitting your contact details

On various occasions, including through forms on our website, we invite or request you to submit your contact details and other information about yourself or your organisation, or to send us emails which will, of course, also identify you.

How we use this information

In each case, the purpose for which you are invited to give us information is clear. We will not use your information for purposes that are not clear when you provide your details, and will not disclose it outside Capsticks, except to service providers acting on our behalf or in other very limited circumstances, for example, with your agreement or where we are legally obliged to do so

Ebulletins and newsletters

We will only provide you with e-bulletins and newsletters that you have consented to receiving. To subscribe for our insights and news updates please register by completing our form in the top right corner of the site. To unsubscribe, either update your details via the subscription form or email us at [email protected]

For marketing purposes, we may monitor whether you open and/or click on URLs in our newsletters.

Events

To register to attend any of our events you must complete a registration form. During registration if you wish to attend the event you will need to provide us with your contact information (such as name, address, phone number and email address). This information enables us to communicate with you regarding the logistics of the event and if you have agreed we will add you to our database to ensure you receive future communications about events that may be relevant to you.

Occasionally, you may be taken to other organisations’ websites to register for an event or to administer payment for attending an event. We cannot be responsible for third party websites so we recommend that you ensure you read the relevant privacy policy when visiting third party websites.

At any time, you will be able to change your mind about being contacted by us or let us know if your details are inaccurate or out of date by emailing:  [email protected]

Cookies

A cookie is a piece of data stored on a user's hard drive containing information about the user. The information below explains the cookies we use on our website and why we use them:

• Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.

Google Analytics is a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies (see above), to help us analyse how users use our site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States.

Google will use the information on behalf of Capsticks for the purpose of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage. The IP address that your browser conveys within the scope of Google Analytics, will not be associated with any other data held by Google. You may refuse the use of these cookies via the settings in your browser as explained above. You may also opt out of being tracked by Google Analytics in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en’

• ASP.Net cookie: we use this cookie to allow visitors to view the website without logging in as a registered user. Once you close your browser, the cookie is deactivated.

You may enable or disable cookies by modifying the settings in your browser. You may find out how to do this, and find more information on cookies, at: www.allaboutcookies.org.

What data we hold

We generate log files from various servers: this will include an IP address assigned to you.

We use IP addresses to analyse trends, administer the website, track users’ movements and gather demographic information for aggregate use.  We will not use your IP address to identify you.

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

References to the basis of processing (e.g. "(Basis: Art. 6(f))" are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Technical data

We use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

Your data and the EEA

We do not transfer or process these data outside the European Economic Area.

Your rights

You have rights in respect of our processing of your personal data but, since all we have is an IP address linked (at best) to your computer or phone, they are not particularly meaningful here.

The relevant rights are:

• get access to your personal data and information about our processing of it
• restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
• object to our processing for strategy planning purposes

If you want to exercise any of these rights, please just contact us.

You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority probably want the UK's Information Commissioner's Office.

Technical security

We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

Retention periods

Server logs: up to one year, after which they are deleted automatically

Contact details you provide when you request E bulletins or newsletters are retained until you update your preferences and ask to unsubscribe, so we can continue to provide you with the service you have requested.

If you register for an event we will, unless you have consented to receive email for future events, delete your contact information once the event has taken place.  

Information about Capsticks

Capsticks Solicitors LLP is a limited liability partnership registered in England and Wales under registered number OC340360, authorised and regulated by the Solicitors Regulation Authority.

A list of members is open to inspection at our registered office, 1 St George's Road, London SW19 4DR.

The term partner is used to refer to a member of Capsticks Solicitors LLP or an employee or consultant with equivalent standing and qualifications.

ICO registration

Capsticks is registered with the Information Commissioner's Office (Z5760582).

Get in touch

Email: [email protected]

Summary

This notice is applicable to contact from anyone who is neither a client nor prospective client, nor just visiting this website. This includes press or journalistic enquiries, as well as suppliers to us.

• We keep to a minimum the information we hold about you
• We use your data to deal with your enquiry, manage our relationship with you, meet our legal obligations, and improve our website
• We delete your data when it is no longer needed for these things
• Generally, we do not give your information to third parties, but there are some exceptions
• You have privacy rights
• We take security seriously
• We are happy to answer your questions about any of this

What data we hold

We may hold the following information about you:

• Your name, identity and contact information

We also generate log files from various servers: this will include an IP address assigned to you or, more likely, to someone who provides you with Internet access.

Using your information

References to the basis of processing (e.g. "(Basis: Art. 6(f))" are a reference to the article of the General Data Protection Regulation under which we undertake the processing in question.

Dealing with your enquiry

If you give us a call or make contact by email, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received, so that we know what we have said to whom.

(Basis: Art. 6(b): we need to use your details to follow up with you. Art. 6(f): keeping track of what we have said is a legitimate thing for us to do, as it helps us understand what areas of work are generating interest, as well as helping us correct errors in reporting.)

Managing our relationship with you

We will use your data to manage our relationship with you, and to enquire about (and perhaps even buy) products and services from you.

(Basis: Art. 6(b): we need to use your details to enter into and perform contracts with you. Art. 6(f): keeping track of what we have agreed.)

Technical data

We may use the logs from our servers to assist in our firm's security, as well as to determine visitor behaviour and help us plan our strategy (e.g. such as working out which pages on the site are most popular, or whether particular events have caused an increase in traffic).

(Basis: Art. 6(c): we have legal and regulatory obligations to protect our clients and their information. Art. 6(f): strategy planning is a legitimate, indeed sensible, thing for a business to do.)

Your data and the EEA

We do not transfer or process data outside the European Economic Area unless we have your specific consent or where the nature of the processing requires it (for example, because you have chosen to use an email or other communications service which routes data outside the EEA).

Your rights

You have rights in respect of our processing of your personal data. The relevant rights are:

• get access to your personal data and information about our processing of it
• in some circumstances, restrict our processing of your data for strategy planning purposes and other "legitimate interests" purposes, and compel us to erase the information we do not use for those purposes
• object to our processing for strategy planning purposes and other "legitimate interests" purposes

If you want to exercise any of these rights, please just contact us.

You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but probably want the UK's Information Commissioner's Office.

Third parties

We have a small number of companies providing services to us. We use telephony services, which would get to see your phone number if we call you, and a broadband supplier which could see your email address (and the content of what you send us unless you encrypt it).

Technical security

All our laptops are full-disk encrypted, as are our phones and tablets.

We take all appropriate steps to protect your information both online and off-line. We have robust information security management systems in place to protect your personal information. Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as an indication of best practice in information security and information risk management. 

Telephone calls are not encrypted.

Recorded voicemail messages

Where we have a voicemail message relating to a client's matter, we may share the call recording with that client by their preferred communications method.

Retention periods

Supplier contact details: for as long as we have a relationship with you or think we might want to buy products or services from you or for the duration of a dispute with you

Server logs: up to one year

ICO registration

Capsticks is registered with the Information Commissioner's Office (Z5760582).

As part of any recruitment process, Capsticks collects and processes personal data relating to job applicants. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.

What information do we collect?

Our job board is run using cvMail which is a service managed for Capsticks by Thompson Reuters (TR). When registering to use this service, you are requested to enter certain information about yourself. This information forms the basis for any application.

The details of your application, covering letter, CV and academic results and any other information will not be viewed by anyone except Capsticks. In the event that you require cvMail support during the application process, a member of the cvMail support team may view information submitted by candidates in order to support them through the application process but this is the only occurrence where candidate information will be viewed by anyone other than Capsticks. cvMail will hold personal information supplied for the duration of the recruitment process. You can edit any information entered into cvMail including contact details, e-mail address, application information and password. However, once an application has been sent, that specific application cannot be altered. You have certain rights to see and correct data held about you as set out in the section “Your rights”.

Capsticks collects a range of information about you. This includes:

• your name, address and contact details, including email address and telephone number;
• details of your qualifications, skills, experience and employment history;
• information about your current level of remuneration, including benefit entitlements;
• whether or not you have a disability for which the organisation needs to make reasonable adjustments during the recruitment process; and
• information about your entitlement to work in the UK.

Capsticks may collect this information in a variety of ways. For example, data might be contained in application forms or CVs, obtained from your passport or other identity documents, or collected through interviews or other forms of assessment.

We may also collect personal data about you from third parties, such as references supplied by former employers. We will seek information from third parties only once a job offer to you has been made and will inform you that we are doing so.

Data will be stored in a range of different places, including on your application record, in our HR management systems and on other IT systems (including email).

Use of cookies

Temporary cookies are used to present the correct sections to the user e.g. application form pages. These cookies are deleted as soon as a session expires so nothing is permanently stored on a user's computer.

Why does Capsticks process personal data?

We need to process data to deal with your application and to decide whether to make an offer to you there is therefore a legitimate interest for us to process your data prior to entering into a contract with you.

In some cases, we need to process data to ensure that we are complying with our legal obligations. For example, it is mandatory to check a successful applicant's eligibility to work in the UK before employment starts.

Capsticks has a legitimate interest in processing personal data during the recruitment process and for keeping records of the process. Processing data from job applicants allows us to manage the recruitment process, assess and confirm a candidate's suitability for employment and decide to whom to offer a job. We may also need to process data from job applicants to respond to and defend against legal claims.

Capsticks may process special categories of data, such as information about ethnic origin, sexual orientation or religion or belief, to monitor recruitment statistics. We may also collect information about whether or not applicants are disabled to make reasonable adjustments for candidates who have a disability. We process such information to carry out our obligations and exercise specific rights in relation to employment.

If your application is unsuccessful, Capsticks may keep your personal data on file in case there are future employment opportunities for which you may be suited.

Who has access to data?

Your information may be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles.

We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We will then share your data with former employers to obtain references for you, employment background check providers to obtain necessary background checks.

How does Capsticks protect data?

We take the security of your data seriously. We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.

For how long does Capsticks keep data?

If your application for employment is unsuccessful, the organisation will hold your data on file for 2 years, after the end of the relevant recruitment process.

If your application for employment is successful, personal data gathered during the recruitment process will be transferred to your Human Resources file (electronic and paper based) and retained during your employment.   For trainee solicitors we will hold your data in cvMail for 2 ½ years. The periods for which your data will be held on commencement of employment will be provided to you in a new privacy notice.

Your rights

As a data subject, you have a number of rights. You may:

• access and obtain a copy of your data on request;
• require the organisation to change incorrect or incomplete data;
• require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• object to the processing of your data where Capsticks is relying on its legitimate interests as the legal ground for processing.

You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority probably want the UK's Information Commissioner's Office.

What if you do not provide personal data?

You are under no statutory or contractual obligation to provide data to Capsticks during the recruitment process. However, if you do not provide the information, we may not be able to process your application properly or at all.

Summary

• All information we hold about you is kept to a minimum.
• We use your data to process information for usual employment purposes, to comply with the employment contract, to comply with legal requirements and to pursue the legitimate interests of the firm.
• We will keep and use your data to enable us to run the firm and manage our relationship with you effectively, lawfully and appropriately.
• We will use your data and information about you during the recruitment process, whilst you work for the firm and when your employment with us comes to an end and you leave the firm.
• We delete your data when it is no longer needed.
• Generally, we do not give your information to third parties, but there are some exceptions
• You have privacy rights.
• We take the security of your data seriously.
• We are happy to answer your questions about any of the information set out in this notice or any other question you may have about how the firm handles your data. 

The data we hold:

We will hold the following information about you:

• Your name, identity and contact information
• Your job application and/or CV – your CV may be stored in CVmail
• References from previous employers or other third parties
• Your contract of employment and any amendments to it
• Correspondence with or about you
• Financial information to process salary and other payments to you
• Records of holiday, sickness or other absence
• Training records
• Information needed for equality and diversity monitoring
• Appraisal information and other relevant performance measures
• Information and documents about your matters or enquiries, including communications with you
• Information to administer our range of employee benefits

We may hold:

• Disciplinary and grievance records
• Information relating to your health which could include GP reports and notes to enable compliance with occupational health obligations, to consider how your health affects you doing your job or to decide if any adjustments to your job may be appropriate and to manage any sick pay arrangements
• Details of any accident reports for injuries sustained whilst at work
• Information about third parties you provide to us in relation to the payment of death in service benefits

Using your information

We must have a lawful basis for processing your information and references to the basis of processing (e.g. Art. 6(f)) are a reference to the article of the General Data Protection Regulation under which we undertake the processing.

Managing our relationship with you

We will use your data to manage our relationship with you.

(Basis: Art. 6(b): we need to keep your data to enter into and perform our contract with you.)

Special category data (sensitive personal data)

We will obtain your consent, which you may withdraw at any time, to process special categories of information relating to your:

• Racial or ethnic origin
• Political opinions
• Religious and philosophical beliefs
• Trade union membership
• Sexual orientation

Unless this is not required by law or information is required to protect your health in an emergency. 

Monitoring

We monitor computer and mobile telephone use as detailed in our policies. You can access these via our Employee Handbook which can be found on the intranet. 

Third parties

We do not generally share information with third parties but there are some exceptions to this:

• if we are legally obliged to do so; or
• where we need to comply with our contractual duties to you.

We will disclose information about you to our external payroll provider, to our benefit providers and to other third parties who may require it from time to time. 

Your data and the EEA

We do not transfer or process data outside of the European Economic Area unless we have your specific consent.

Our suppliers may, due to the global nature of their businesses, transfer data outside of the EEA. If this happens we have contractual provisions in place to ensure that personal data is processed in compliance with applicable Data Protection Laws, including where appropriate, EU Standard Contractual Clauses, certification under the EU-US Privacy Shield or such other international transfer mechanisms approved under applicable DP Laws.

Your rights

You have rights in respect of our processing of your personal data. The relevant rights are:

• Access – you can ask about your personal data and information about our processing of it
• Data portability - you may obtain and reuse your personal data for your own purposes across different services
• Restriction - in some circumstances, restrict our processing of your data for strategy planning purposes, and compel us to erase the bits we do not use for security purposes
• Objection - object to our processing for strategy planning purposes

If you want to exercise any of these rights, please just contact us.

You also have the right to lodge a complaint about our processing with a supervisory authority — you may use any EEA authority but you will most likely want to contact the UK's Information Commissioner's Office.

Technical security

We take all appropriate steps to protect your information.  We have robust information security management systems in place to protect your personal information.  Capsticks is accredited to ISO 27001 which is an international information security standard which is widely recognised as indication of best practice in information security and information risk management.

Capsticks is also accredited to Cyber Essentials plus to help protect our systems from cyber-attack.

Retention periods

Your personal data will be stored for the duration of your employment with the firm and then as follows:

ICO registration

Capsticks is registered with the Information Commissioner's Office (Z5760582).

Get in touch

Any questions about your rights under this notice: [email protected]