Privacy & Cookies Policy

This notice is intended to explain how we use your information and what your rights are in relation to how we use your information.

Who we are

Capstone Law (London) Limited trading as Capstone Law (London) (‘the Firm’) is a Limited Company registered in England and Wales with company number 14057999.

The Firm’s head office is at 2A Seely Road, London, SW17 9QR, England.

The Firm’s registered office is at 2A Seely Road, London, SW17 9QR, England.

The Firm is the ‘Controller’ for data protection purposes. This means that the Firm collects and holds your information and decides what it will be used for. The Firm is subject to the requirements of data protection legislation applicable to the UK and must use your personal data in accordance with the law. The Firm is registered with the Information Commissioner’s Office (ICO), with registration number ZB520217.

How you can contact us

We have appointed Syeda Mehvish Zaidi as our Data Protection Manager and you can contact her to discuss this privacy notice any data protection related issues or queries.

Telephone: 07724 143 406

Email: info@capstonelaw.london

Post: 2A Seely Road, London, SW17 9QR, England

If you are a visitor to our website

Analytics

When you visit our website, we use Google Analytics (a third-party service) to collect standard internet log information and details of visitor behaviour patterns. We do this so that we can find out how people use our website e.g. how many people visit our website and which areas they look at.

We have anonymised this information by ensuring that your IP address cannot be identified.

The information generated by Google Analytics is transmitted to and stored by Google on servers in the United States. Google agrees to the Standard Contractual Clauses (SCCs) for data protection which put it under an obligation to meet certain data protection and security standards required by UK law. Google will use the information on behalf of the firm for the purposes of evaluating your use of the website, compiling reports on website activity for us and providing us with other services relating to website activity and internet usage.

You may refuse the use of the cookies used by Google Analytics via the settings in your browser (see cookies section below). To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Our lawful basis for using your information in this way will be two-fold:

  1. For our legitimate interests in understanding how our website is used; and
  2. Your consent to our use of cookies via our cookies consent bar which appears when you first visit the homepage of our website.

How we use cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by us to your computer and will be stored on your computer until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when you leave our site. A pop-up with information held on cookies will appear on the firm’s website.

We use both session cookies and persistent cookies on this website. This list below explains the cookies we use and why:

(a) We use Google reCAPTCHA for spam protection.

(b) We use HubSpot to better understand our users’ needs and manage our subscriber.

(c) We use Hotjar in order to better understand our users’ needs and optimise this service and experience.

Cookies (a) are session cookies, whereas cookies (b) and (c) are persistent cookies.

Our lawful basis for using your information in this way will be two-fold:

  1. For our legitimate interests in understanding how our website is used; and
  2. Your consent to our use of cookies via our cookies consent bar which appears when you first visit the homepage of our website.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Using our contact form

If you submit your personal details to us by completing and submitting our contact form, we will use your information to:

  • Contact you to respond to your request for contact.
  • Send information to you about the firm and its services, where you have given us express authority to do so.

We will add your contact details to our electronic database and keep them for as long as you provide your consent for us to use your contact details in this way.

Our lawful basis for using your information in this way will be two-fold:

  1. For our legitimate interests in marketing our services; and
  2. Upon your express consent (where required by law).

Will not share information received through our contact form with any third party unless you expressly authorise us to do so or we are required by law.

Visiting our offices

Closed Circuit Television (CCTV) is only in operation at the main reception of the building and the common areas.

If you make an enquiry to our firm

Where you make an enquiry to our firm but do not instruct us following that enquiry, we will hold details of your enquiry on our systems for up to 12 months. This is for our legitimate interests in being able to ensure that we can recall your enquiry should you revisit the matter with us some weeks or months later, therefore improving your experience with us, and to ensure that we can call upon it if any complaint is made about the way that we handled your enquiry. After this time, the record of your enquiry to us, along with your personal data that you provided to us, will be permanently deleted from our systems.

If we seek consent from you to send details of our services that we may think may interest you in the future, then we will hold your contact details on our marketing database until you ask us to stop sending such materials. Where this is by email, you can unsubscribe from our marketing at any point using the unsubscribe facility in each and any marketing email that we send to you. Your details will be removed from our systems as soon as possible after receipt of a notification from you that you no longer wish to receive our marketing material, and no longer than one month after receipt of your notice.

If you are a client

Legal basis for processing personal data

We keep your information confidential and will not disclose it to third parties unless disclosure is:

  1. Authorised by you;
  2. Necessary as part of the legal services we are providing to you (to perform our contract with you);
  3. Required by law or our professional rules;
  4. Necessary for the purposes of our legitimate interests or those of a third party (in other words, we have a compelling justification for the disclosure or processing); or
  5. Necessary to protect your vital interests or those of another person i.e. to protect a life.

Our reasons for processing your personal data will also fall into at least one of the five categories listed above.

Where we process any special categories of your personal (such as health data, racial or ethnic data, religious data etc.), our processing will be based on at least one of the following conditions:

  1. Explicit consent from you.
  2. It is necessary to protect your vital interests or those of another natural person where you are physically or legally unable to give consent.
  3. Processing relates to personal data which you have manifestly made public.
  4. Processing is necessary for the establishment, exercise, or defence of legal claims.

Please contact us if you would like more information about our legal basis for processing your personal data.

How we use your personal data

We use your information primarily to provide legal services to you. We also use your information for: accounting and billing purposes; to comply with our legal and regulatory obligations, and to manage our business effectively. With your authority, we may also send you information about our services or events that we think may be of interest to you. We will seek your written consent to do this.

Sharing your personal data with third parties

We may, on your authority, work with other professionals to progress your matter, and may need to disclose relevant information about you to them. Examples include barristers/ counsel, experts, costs specialists, other lawyers etc. We will seek your consent to do this.

Where there is another party(ies) to your matter (i.e. opponent in litigation, buyer/seller to a property transaction etc.), we will liaise with their legal representative (or the third party directly if they are not represented) in order to progress your matter. This may involve us disclosing relevant information about you, to this party(ies) in order for us to provide our legal services to you (to perform our contract with you). Please contact us if you have any queries about this.

Sometimes we outsource part of our work to other people or companies to improve efficiency and your client experience. We will always carry out due diligence and obtain confidentiality undertakings from such outsourced providers. We will seek your written consent as to whether you are happy for us to outsource relevant aspects of your file as appropriate to our providers. If you would like more information about our outsourcing arrangements, please contact us.

We may in some cases consult credit reference agencies in order to assess your creditworthiness. If you are an individual, we will seek your written consent before we do this. Please note that if you withhold your consent, this may limit the payment options that will be available to you. For example, we may not complete work for you unless you have made a payment on account. Details of the credit agency we use are available on request.

The Firm may become subject to periodic checks by Law Society approved consultants and/or assessors and compliance specialists that we engage the support of. This could mean that your file is selected for checking, in which case we would need your consent for the checking to occur. All such checks are conducted by individuals who have provided the Firm with a confidentiality undertaking. We will seek written consent as to whether you are happy for your file to be selected for file auditing and vetting. If you refuse to give us consent to checks, your refusal will not affect the way your case is handled in any way.

Contacting you

We may correspond with you by email if you provide us with an email address, unless you advise us in writing that you do not wish us to do so. You acknowledge that email may not be secure. Email will be treated as written correspondence and we are entitled to assume that the purported sender of an email is the actual sender and that any express or implied approval or authority referred to in an email has been validly given. Please be aware that the Firm may monitor and read any email correspondence travelling between you and any mail recipient at the Firm as part of its monitoring activities to ensure compliance with its Information Management and Security Policy.

We will aim to communicate with you by such method as you request. More often than not this will be in writing but may be by telephone if it is appropriate.

Where you provide us with fax or email addresses for sending material to, you are responsible for ensuring that your arrangements are sufficiently secure and confidential to protect your interests. You must tell us if this method of communication is not secure so that can use an alternative method.

Protecting personal data

The internet is not secure and there are risks if you send sensitive information in this manner or you ask us to do so. Please be aware that the data we send by email is not routinely encrypted.

We will take reasonable steps to protect the integrity of our computer systems by screening for viruses on email sent or received. We expect you to do the same for your computer systems.

Bank details

It is very unlikely that we will change our bank account details during the course of your matter. In any event, we will never contact you by email to tell you that our details have changed. If you receive any communications purporting to be from this firm, that you deem suspicious or have any concerns about (however slight), please contact our office by telephone straightaway.

Holding your personal data

During the progress of your matter, we may hold your information both electronically and in paper format. We will use all reasonable measures to ensure that your information remains confidential and will advise you immediately if we believe that any of your information has been released. We have procedures in place with our staff members to ensure that your information is only seen by members of staff who have a legitimate reason for accessing your file, such as fee earners and support staff working on your file and senior members of the firm for the purposes of supervision, checking your file for quality purposes or to deal with any complaints.

Retention and destruction of your personal data

Once your matter has concluded, we will hold your files in our archive storage (paper files) or archive them on our file management systems (electronic files) for at least 6 years from the date that the matter is closed in line with our retention periods. After that period has elapsed, we will destroy your file securely and/or delete it from our electronic records. Once that has happened, your file will no longer be available.

Transferring your personal data outside of the United Kingdom (UK)

We may transfer your personal data outside of the UK where our storage and/or backup systems are hosted outside of the UK. However, we ensure that appropriate safeguards are in place obliging our system and storage providers to process your personal data to the standards expected in the UK. Our providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your data safe.

If you are a third party or the other side to our clients’ matters

Personal data that we may receive about you

We will receive information (including personal data) about third parties that are involved with our clients’ matters. For example, opponents to our clients in litigations matters, executors, and beneficiaries to a Will etc. We will primarily receive information about you from your legal representative unless you are unrepresented and provide this to us directly.

How we use your personal data

We receive this information so that we can provide legal services to our client and therefore our legal basis for processing your information is for our client’s legitimate interests in respect of the legal services that we are providing to them. Your legal representative (if you have one) should have informed you of their purposes for processing personal data and explained that they would need to share your information with us to progress your matter.

Legal basis for processing your personal data

We keep your information confidential and will not disclose it to third parties unless disclosure is:

  1. Authorised by you;
  2. Necessary for the performance of a contract;
  3. Required by law or our professional rules;
  4. Necessary for the purposes of our legitimate interests or those of a third party (in other words, we have a compelling justification for the disclosure); or
  5. Necessary to protect your vital interests or those of another person i.e. to protect a life.

Our reasons for processing your personal data will also fall into at least one of the five categories listed above.

Where we process any special categories of your personal (such as health data, racial or ethnic data, religious data etc.), our processing will be based on at least one of the following conditions:

  1. Explicit consent from you.
  2. It is necessary to protect your vital interests or those of another natural person where you are physically or legally unable to give consent.
  3. Processing relates to personal data which you have manifestly made public.
  4. Processing is necessary for the establishment, exercise, or defence of legal claims.

Please contact us if you would like more information about our legal basis for processing your personal data. 

Holding your personal data 

During the progress of our clients’ matters, we may hold your information both electronically and in paper format. We will use all reasonable measures to ensure that your information remains confidential and will advise you immediately if we believe that any of your information has been released. We have procedures in place with our staff members to ensure that your information is only seen by members of staff who have a legitimate reason for accessing your file, such as fee earners and support staff working on your file and senior members of the firm for the purposes of supervision, checking your file for quality purposes or to deal with any complaints.

Retention and destruction of your personal data

Once our clients’ matters have concluded, we will hold your information on our clients’ files in our archive storage (paper files) or archive them on our file management systems (electronic files) for at least 6 years from the date that the matter is closed in line with our retention periods. After that period has elapsed, we will destroy our clients’ files securely and/or delete it from our electronic records. Once that has happened, your information will no longer be available.

Transferring your personal data outside of the United Kingdom (UK)

We may transfer your personal data outside of the UK where our storage and/or backup systems are hosted outside of the UK. However, we ensure that appropriate safeguards are in place obliging our system and storage providers to process your personal data to the standards expected in the UK. Our providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your data safe.  

If you have applied to work for us

How we use your personal data

All of the information you provide when you apply to work for us, will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. You do not have to provide what we ask for, but it might affect your application if you do not. 

Sharing your personal data

We will not share any of the information you provide during the recruitment process with any third parties unless authorised by you or required by law.

Legal basis for processing your personal data

Our legal basis for processing your personal data is two-fold:

  1. For our legitimate interests in ensuring that we have adequate recruitment procedures and undertake the right checks to ensure that we recruit the right candidate; and 
  2. To meet our legal obligations, particularly those relating to equality and diversity.

Retention of your personal data 

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment.

If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the vacancy.

Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the vacancy.

Equal opportunities information is retained for 6 months following the closure of the vacancy whether you are successful or not.

Transferring your personal data outside of the United Kingdom (UK)

We may transfer your personal data outside of the UK where our storage and/or backup systems are hosted outside of the UK. However, we ensure that appropriate safeguards are in place obliging our system and storage providers to process your personal data to the standards expected in the UK. Our providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your data safe.  

If you are current employee or former employee

How we use your personal data

We obtain your personal information for the following purposes:

  • Contact details
  • Bank details
  • Pension details
  • Tax details
  • Pay details
  • Annual leave details
  • Sick leave details
  • Performance details
  • Qualifications
  • Employment history
  • Ethnicity details
  • Health details (as relevant)
  • Training records
  • DBS checks (as required)

Legal basis for processing your personal data

We keep your information confidential and will not disclose it to third parties unless disclosure is:

  1. Authorised by you;
  2. Necessary for the performance of a contract;
  3. Required by law or our professional rules;
  4. Necessary for the purposes of our legitimate interests or those of a third party (in other words, we have a compelling justification for the disclosure); or 
  5. Necessary to protect your vital interests or those of another person i.e. to protect a life.

Our reasons for processing your personal data will also fall into at least one of the five categories listed above.

Where we process any special categories of your personal (such as health data, racial or ethnic data, religious data etc.), our processing will be based on at least one of the following conditions:

  1. Explicit consent from you.
  2. It is necessary for carrying out and exercising specific rights of the controller or the data subject in the field of employment law.
  3. It is necessary to protect your vital interests or those of another natural person where you are physically or legally unable to give consent.
  4. Processing relates to personal data which you have manifestly made public.
  5. Processing is necessary for the establishment, exercise, or defence of legal claims.

Please contact us if you would like more information about our legal basis for processing your personal data. 

Our legal basis for processing your personal data is two-fold:

  1. For our legitimate interests in ensuring that we have adequate personnel records; and 
  2. To meet our legal obligations as employers.

Sharing your personal data 

We will share your information with the following third parties:

  • HMRC
  • The firm’s pension provider
  • The firm’s payroll provider
  • The firm’s IT support provider
  • Solicitors Regulation Authority (as applicable)
  • The Law Society (as applicable)

Retention of your personal data

Your employee file for the duration of your employment plus 6 years following the end of your employment.

Transferring your personal data outside of the United Kingdom (UK)

We may transfer your personal data outside of the UK where our storage and/or backup systems are hosted outside of the UK. However, we ensure that appropriate safeguards are in place obliging our system and storage providers to process your personal data to the standards expected in the UK. Our providers are bound by the same data protection laws as us, meaning that they have the same obligations to keep your data safe.

Your Rights

If you are an individual, you have the following rights under the UK General Data Protection Regulation (UK GDPR): 

  1. Right to access personal data – you can request details from us of the personal data that we hold about you.
  2. Right to object to processing – you can tell us that you want us to stop processing your personal data.
  3. Right to object to automated individual decision making including profiling – you can object to us making decisions about you solely by using a computer system without any human consideration. We do not currently do this.
  4. Right to rectification – you can ask us to correct personal data that we hold because you believe it is inaccurate.
  5. Right to erasure – you can ask us to delete the personal data that we hold about you.
  6. Right to restrict processing – you can tell us that you only want us to use the personal data for a specific reason.

Please note that these rights are not absolute rights (they are not rights that will be automatically granted), as we have to consider whether there are any reasons why we cannot meet your request. For example, we will not be able to delete data that we are legally obliged to keep. We will let you know if we are not able to meet your request and the reason why (where it is appropriate to disclose this information to you). 

You also have the right to complain to the Information Commissioner’s Office (ICO) if you are not happy with the way that we handle your personal data. You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by calling the ICO’s helpline on 0303 123 1113.

Please note that where you provide consent to us using your personal data, you are entitled to withdraw that consent at any time. You can do this by informing your file handler or contacting our designated Data Protection Manager.

Links to other websites

This Privacy Notice does not cover any links to other websites that have been included on our website. Please read the Privacy Notices on the other websites that you visit. 

Changes to our privacy policy

This privacy notice is reviewed regularly and was last updated in March 2023.