Data Protection – Privacy Notice
1. This Privacy Notice contains information about what data we collect, process and store and the reasons for obtaining and processing the data. It also sets out who we share information with, the steps we take to ensure information is kept secure, your rights (as the “data subject”) in respect of personal data and how to contact us in the event of a complaint.
2. Stonegate Legal Limited provides legal services (‘Legal Services’) and is a data controller for the purpose of the General Data Protection Regulation (‘GDPR’) in respect of personal data supplied to it in order to provide the Legal Services. In this Privacy Notice Stonegate Legal Limited is referred to as “we” and you as the client are referred to as “you”.
3. If you have any questions about this Privacy Notice or about personal data you can contact Daniel Lumb at firstname.lastname@example.org or write to us at
PO Box 363
The personal information we collect
4. In order to provide Legal Services we may collect the following information from you, and/or relevant third parties, which relates to the legal matter that we are instructed on
(a) Your name and contact details
(b) Date of birth, national insurance number, tax references
(c) Identification documents
(d) Information relevant to the matter for which Legal Services are being provided (which may include, by way of example: personal information relating to third parties involved in the case; further personal information relating to you; special categories of data, such as medical, rehabilitation, sexual orientation, social care history and records; details of religious or other beliefs)
5. You will usually be the source of any personal information that we hold but we may in some matters, with your consent, collect this from third party sources (which may include, by way of example: care companies, medical professionals, local authorities, the Department for Work and Pensions, financial institutions, financial advisers, family members, other advisers, the Office of the Public Guardian and the Court).
6. We are keen to ensure that any personal information we hold about you should remain accurate and up to date. Therefore, please let us know if there are any significant changes to your personal details
How we use your personal information
7. We will process and store the personal data that we collect primarily for the provision of Legal Services and it will be used and protected by us in accordance with applicable data protection legislation and this Privacy Notice. The legal bases that we rely upon are that:
(a) The processing is necessary for the performance of the contract to provide the Legal Services to you; and/or
(b) The processing is necessary in order to comply with legal obligations to which we are subject (which may include, by way of example: complying with the money laundering regulations, complying with court directions and / or any investigation by the Legal Services Ombudsman, the Solicitors Regulation Authority and the Information Commissioner’s Office). In order to comply with money laundering regulations we will need to check your records with a credit reference agency which may record the search and make it available to other organisations.; and/or
(c) The processing is necessary for the purposes of our legitimate interests (which may include, by way of example: the defence of potential complaints or legal proceedings, keeping of money laundering records, or for otherwise complying with our professional obligations); and/or
8. Where we process sensitive personal data the legal bases that we rely upon are that:
(a) The processing is necessary for the establishment, exercise or defence of legal claims (which may include, by way of example: the assessment, advancement or defence of civil or criminal proceedings which you instruct us to undertake on your behalf, applications and appeals for state benefits, health, life and property insurance claims, assessment of care funding and care contracts). Alternatively the sensitive personal data, may be retained for the defence of potential complaints and legal proceedings against ourselves; and/or
(b) The processing is necessary for reasons of substantial public interest, such as complying with court orders, and to comply with investigations carried out by the Legal Services Ombudsman, the Solicitors Regulation Authority and the Information Commissioner’s Office, or any other statutory regulator and/or to otherwise comply with our professional obligations.
9. We will not use personal data for purposes that are not clear at the time they were provided and personal data will not be disclosed to third parties except
(a) where necessary for the provision of the Legal Services. Our work for you is likely to require us to disclose information to third parties (which may include, by way of example: the Courts, the Office of the Public Guardian, the Solicitor’s Regulation Authority, our auditors, your other advisers (such as barristers, other solicitors, accountants and IFAs), expert witnesses, care providers, the police (where you have been the victim of a crime), local authorities, the NHS and state benefit providers). In addition our network security providers and case management software providers will from time to time require access to the personal data this is necessary to ensure the efficient and secure provision of the Legal Services; or
(b) in accordance with our professional obligations (which may include, by way of example: a legal or regulatory duty, to enforce our contractual rights; to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity, where such disclosure is necessary to protect the safety or security of any persons and/or otherwise as permitted under applicable law.
10. Personal information will not be used for any other purpose than has been set out in this Privacy Notice
11. We will retain personal information for no longer than is reasonably necessary for the provision of the Legal Services. Personal information will not be retained indefinitely, subject as below, or for reasons incompatible with relevant data protection legislation, including the General Data Protection Regulation and the requirements of other regulatory bodies.
12. Our standard data retention period for personal information provided to us for the purpose of providing the Legal Services is 15 years from the date we close your file, or closure of any linked file to which the personal information relates, if later (for example a probate following a deputyship). The period of 15 years is the long stop period specified for claims in section 14B of the Limitation Act 1980. After that time, the data will be securely deleted or destroyed, unless the matter remains outstanding in some material respect after that period has expired. For the purposes of clarification, this policy does not apply to original deeds, powers of attorney or wills which will be retained until requested by or returned to you as mentioned below
13. We offer a storage facility for deeds, powers of attorney and wills. We will store your will and deeds until such time as you request their return and reserve the right to return the documents to you at any time. We do not currently make a charge for this storage service but reserve the right to do so in the future and we will write to you to confirm any charges prior to these being levied. We cannot accept responsibility for the loss of, or damage to, any item which we hold, except by prior arrangement.
14. If there are outstanding monies owed to the firm by you whether in respect of fees, disbursements or other charges, we reserve the right to keep your papers, deeds, wills, files or other documents until all outstanding payments have been discharged. This is known as a right of lien.
15. We may retain your name and contact information beyond that period, until it is no longer required for professional obligations such as conflict checking.
16. The security of personal information is important to us and we have appropriate measures, safeguards and protocols in place to ensure that data is kept secure, is only accessed by those individuals authorised to do so and where there is a legitimate need to access the data. Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to personal data held by us (either through accidental disclosure or deliberate act) and in line with our obligations under the applicable data protection legislation, including the General Data Protection Regulation
Data outside the European Economic Area (EEA)
17. It will be rare that we are required to transfer data outside of the EEA. There may however be occasions where this is necessary in order to perform the Legal Services. Where this happens, all necessary steps will be taken to ensure that data transferred outside of the EEA is processed with the same or similar safeguards and processes that we undertake within the EEA.
18. Under the General Data Protection Regulation, you (as the “data subject”) have a number of important rights regarding your personal information. These are subject to the conditions and restrictions set out in the General Data Protection Regulation and the Data Protection Act 2018 and in summary, include the right to
(a) Request access to your personal information;
(b) Request that any inaccurate information is corrected;
(c) Request that processing of your personal information is restricted;
(d) Request that any personal information that we hold is erased in certain circumstances;
(e) Request a copy of the personal information that has been provided to us;
(f) Object to the processing of personal information or the continued processing of personal information;
(g) Request not to be subject to automated decision making.
Further information regarding your rights under the General Data Protection Regulation is available at www.ico.org.uk
19. If you would like to exercise any of these rights then you should contact us via email at email@example.com or write to
PO Box 363
When contacting us please ensure that you provide relevant information to allow us to identify you and state the right or rights that you wish to exercise. We may need to contact you to request further information to verify your identity.
We will respond to you within one month from when we receive a valid request.
Complaints regarding data
20. We hope that you will be happy with our Legal Service and that we can resolve any issues or complaints that may arise. If you have a complaint regarding any aspect of your personal data or this Privacy Notice please contact us via email at firstname.lastname@example.org
21. In the event that you are not satisfied with the outcome of your complaint, you may write to the Information Commissioner’s Office at www.ico.org.uk or write to them at:
Information Commissioner’s Office