Privacy
PRIVACY NOTICE
INTRODUCTION
This privacy notice explains how we use and protect personal data which we hold. 
Please take a moment to read this notice as we explain the things which we think are important for you to know about the personal data we collect from you such as what personal data we collect, how we use that data, how we protect your data and who we may share your data with. We also explain the rights you have in relation to your personal data which we hold. Finally, there’s a bit about cookies – what they are and how to get rid of them if you don’t want them.
If you have any questions relating to how we handle your personal data, please write or email us at the contact address set out below.
We try not to include any links to external websites within our own website however we are obliged to include a link to the website of the Solicitors Regulation Authority. Please bear in mind that this Notice does not cover external websites and we encourage you to read the privacy statements of the other websites you visit.
Before going into the detail, we just want to mention a few top-level principles that govern our approach:
1. We want to collect as little of your personal data as we can
2. We want to use your personal data as little as possible
3. We don’t want to share any of your personal data with anyone else
4. We want to ensure your personal data is kept highly secure at all times
5. We don’t want to keep your personal data any longer than is necessary
About Us
Marshall Haines is a law firm established in England and regulated by the Solicitors Regulation Authority under registration number 463221.
Our registered office address is at 351 Norton Way South, Letchworth, Hertfordshire, England SG6 1SZ.
We are registered as a data controller with the Information Commissioner’s Office under registration number Z9833207.
About This Notice
This privacy notice covers any person whose personal data we process where we are a data controller for that personal data. We are a data controller where we decide what the personal data can be used for and how the personal data is processed.
Where we process personal data on behalf of another company or organisation, we will be doing so as a data processor and our processing will be governed by a contract which we will have with the data controller who will have a separate privacy notice which will apply.
If you would like to contact us in relation to this Notice or your personal data, please contact our data protection manager via email at adam@marshallhaines.co.uk
ABOUT YOUR PERSONAL DATA
The personal data we collect, the purpose(s) we use it for and the lawful basis we hold it will vary depending on the category of the person it relates to. To help explain this, we have set out separate categories as follows:
A. Job Applicants
What personal data we collect:
We may receive your personal data where you apply to us for employment.
The personal data we collect will depends on the personal data that you send to us set out on your CV or resume. Typically this will include your name, home address, telephone number, email address, details relating to your past employment and education and could include ethnic origin, age and gender. We do not collect more information than we need to use in order to evaluate your applicable.
How we use your personal data:
We use your personal data for our recruitment purposes only, to contact you to progress your application and to assess your suitability for the role you applied for.
The lawful basis for our collection and use of your personal data:
Our processing of this personal data is necessary for the purposes of our legitimate interests in evaluating you as a candidate for employment within our firm.
Who we may disclose your personal data to:
We will not disclose your personal data to any third party unless we are required by law or regulation to do so.
How long we keep your personal data:
If you are successful, we will keep your personal data for the duration of your employment plus 6 years following the end of your employment.
If you are unsuccessful or if you have provided personal data to us where we do not have a position then we will delete the personal data you have provided within 30 days.
B. Customer Personnel
When we work on a project, we collect a small amount of personal data relating to employees of our clients as well as employees of any counterparties who are involved in the transaction. We process this personal data on behalf of our clients as a data processor only and our processing is governed by a separate agreement with our clients.
C. Supplier Personnel
What personal data we collect:
We may collect your personal data when you correspond with us on behalf of the company or organisation that you work for.
The personal data we collect will typically include your name, the name and address of the company you work for, your business telephone number, your mobile telephone number and your email address.
How we use your personal data:
We will use your personal data only to correspond with you in the course of business conducted between us and the organisation you work for or represent. This may include contacting you in connection with existing products and services which your organisation provides to us, for billing and payment and in response to your enquiries.
The lawful basis for our collection and use of your personal data:
Our processing of this personal data is necessary for the purposes of our legitimate interests in carrying out business with the organisation which you work for or represent and to correspond with you.
How long we keep your personal data:
If we have purchased goods or services from your organisation then we will keep all records relating to that transaction for 6 years. In all other cases we will delete the personal data within 90 days of your last correspondence to us.
D. Prospective Clients' Personnel
What personal data we collect:
We may collect your personal data where we correspond with you to offer our services to the company which you represent.
The personal data we collect will typically include your name, the name and address of the company you work for, your business telephone number, your mobile telephone number and your email address.
How we use your personal data:
We will use your personal data only to correspond with you in connection with our provision of services to the organisation you work for or represent. 
The lawful basis for our collection and use of your personal data:
Our processing of this personal data is necessary for the purposes of our legitimate interests in offering services to the organisation which you work for or represent and to correspond with you.
How long we keep your personal data:
We will only keep your personal data for the duration of the sales process which will end either when the organisation becomes a client or when it declines our offer to provide services. Once this process has run its course (which should only be a few months) we will delete your personal data.
E. Website Visitors
What personal data we collect:
When you visit our website, we may collect your personal information where you submit a form containing your personal data or where the website helps you send an email to us.
The personal data we collect will typically includes your name, the name of the company you represent, your email address, your telephone number and the information contained in any correspondence with you.
How we use your personal data:
We will use your personal data only for the purpose of communicating with you in response to your enquiries.
The lawful basis for our collection and use of your personal data:
Our processing of this personal data is necessary for the purposes of our legitimate interests in communicating with or providing our services to the company you represent.
How long we keep your data:
This depends on the nature of the communication. Please see Section D above which relates to how we deal with personal data of personnel from prospective clients. 

About your personal data if you are applying to us for a job

What personal data we collect:

We may receive your personal data where you apply to us for employment.

The personal data we collect will depend on the personal data that you send to us set out on your CV or resume. Typically this will include your name, home address, telephone number, email address, details relating to your past employment and education and could include ethnic origin, age and gender. We do not collect more information than we need to use in order to evaluate your applicable.


How we use your personal data:

We use your personal data for our recruitment purposes only, to contact you to progress your application and to assess your suitability for the role you applied for.


The lawful basis for our collection and use of the personal data:

Our processing of this personal data is necessary for the purposes of our legitimate interests in evaluating you as a candidate for employment within our firm.


Who we may disclose your personal data to:

We will not disclose your personal data to any third party unless we are required by law or regulation to do so.


How long we keep your personal data:

If you are successful, we will keep your personal data for the duration of your employment plus 6 years following the end of your employment.

If you are unsuccessful or if you have provided personal data to us where we do not have a position then we will delete the personal data you have provided within 30 days. 

 

About your personal data if the organisation you work for is a client

When we work on a project, we collect a small amount of personal data relating to employees of our clients as well as employees of any counterparties who are involved in the transaction. We process this personal data on behalf of our clients as a data processor only and our processing is governed by a separate agreement with our clients.

About your personal data if the organisation you work for is a supplier or prospective supplier

What personal data we collect:

We may collect your personal data when you correspond with us on behalf of the company or organisation that you work for.

The personal data we collect will typically include your name, the name and address of the company you work for, your business telephone number, your mobile telephone number and your email address.


How we use your personal data:

We will use your personal data only to correspond with you in the course of business conducted between us and the organisation you work for or represent. This may include contacting you in connection with existing products and services which your organisation provides to us, for billing and payment and in response to your enquiries.


The lawful basis for our collection and use of the personal data:

Our processing of this personal data is necessary for the purposes of our legitimate interests in carrying out business with the organisation which you work for or represent and to correspond with you. 


How long we keep your personal data:

If we have purchased goods or services from your organisation then we will keep all records relating to that transaction for 6 years. In all other cases we will delete the personal data within 90 days of your last correspondence to us.

About your personal data if the organisation you work for is a prospective client

What personal data we may collect:

We may collect your personal data where we correspond with you to offer our services to the company which you represent.

The personal data we collect will typically include your name, the name and address of the company you work for, your business telephone number, your mobile telephone number and your email address.


How we use your personal data:

We will use your personal data only to correspond with you in connection with our provision of services to the organisation you work for or represent. 


The lawful basis for our collection and use of the personal data:

Our processing of this personal data is necessary for the purposes of our legitimate interests in offering services to the organisation which you work for or represent and to correspond with you. 


How long we keep your personal data:

We will only keep your personal data for the duration of the sales process which will end either when the organisation becomes a client or when it declines our offer to provide services. Once this process has run its course (which should only be a few months) we will delete your personal data.

About your personal data if you are a visitor to our website

What personal data we may collect 

When you visit our website, we may collect your personal information where you submit a form containing your personal data or where the website helps you send an email to us.

The personal data we collect will typically includes your name, the name of the company you represent, your email address, your telephone number and the information contained in any correspondence with you.


How we use your personal data

We will use your personal data only for the purpose of communicating with you in response to your enquiries. 


The lawful basis for our collection and use of the personal data

Our processing of this personal data is necessary for the purposes of our legitimate interests in providing our services to the company you represent.


How long we keep your personal data:

This depends on the nature of the communication. Please see the section relating to how we deal with personal data of personnel from prospective clients


Keeping Your Personal Data Safe 
We will periodically evaluate your personal data which we hold to determine whether we should continue to hold it. We have implemented all appropriate technical, organisational and security procedures to protect your personal data from unauthorised access or from accidental loss or corruption. These measures include restricting physical access to our premises where personal data is held and using access controls and firewalls to prevent unauthorised access to our systems.
Disclosing Your Personal Data
Except as set out above and save for the following exceptions, we will not disclose your personal information to any third party.
We will disclose your personal data to law enforcement agencies or regulatory bodies if we are required to do so by law
Correspondence containing your personal data (for example your email address) may be inspected by our Law Society-approved external auditor as part of the annual Lexcel audit of our practice.
If at any time we wish to disclose your personal data in circumstances other than those above, we will always obtain your express consent before doing so.
Holding Your Personal Data
Unless we provide for a specific duration in the categories set out above, we will keep your personal data for as long as is necessary for the purposes set out in this Notice after which time we will either delete your personal data or remove all personal identifiers from the data so that it has become anonymous.
International Data Transfers
We will not transfer your personal data to any country outside the UK or the EU.
COOKIES
A cookie is a text string of information that a website transfers to the cookie file of the browser on your device so that the website can remember who you are. A cookie will typically contain the name of the domain from which the cookie has come, the "lifetime" of the cookie, and a value, usually a randomly generated unique number.
We may use cookies to record information about how you access our website. To the extent that these cookies contain personally identifying data, this will be limited to IP addresses only. You can choose not to accept cookies by setting the preferences on your internet browser. If you do not accept cookies from us, this may impair or prevent your access to certain information on our website.
You can delete cookies at any time. How you do this depends on the web browser that you use but all the major browsers have a privacy section within the browser settings which allows cookies, history and temporary files to be deleted.
YOUR RIGHTS AS A DATA SUBJECT
As a data subject, the law provides you with certain rights in relation to your personal data which we hold. You have the right to request the following: (1) Access to your personal data and information about why we hold it and who we can disclose it to; (2) Correction of your personal data if it is inaccurate, incomplete or out of date; (3) Deletion of your personal data (for example where you withdraw consent to our processing of your personal data or if you object to our processing and we have no overriding legitimate interest to continue to process your data); (4) Stopping the processing of your personal data for certain purposes such as direct marketing; (5) To receive your personal data in a commonly used machine-readable format or have this data sent to your designated recipient; and (6) To object to automatic decision making and profiling based on your personal data. Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
To request a copy of your personal data or to make any other request outlined above, please contact our Data Protection Officer by email at the contact details given at the start of this Notice. To safeguard the personal data we hold, we need to confirm your identity before we can take action following a request made under this section.
Contacting the Regulator
If you are not happy with how we have processed your personal data or how we have responded to a request you have made to us, you have the right to make a complaint to the Information Commissioner’s Office who is charged with regulating data protection and use of personal data. The Information Commissioner’s Office can be contacted through their website (www.ico.gove.uk) or by telephone (0303 123 1113).
REVISIONS TO THIS NOTICE
We may change this Notice from time to time. If we make any material changes we will endeavour to place a notice on our website in advance of the changes.
Share by: