Gentili Stark Solicitors Ltd is committed to safeguarding the privacy of our clients and all individuals whose personal data we store and process.
Gentili Stark Solicitors Ltd is the Data Controller. When this notice refers to ‘we’, ‘our’ or ‘us’ we are referring to Gentili Stark Solicitors Ltd. Our registered office is Niddry Lodge, 51 Holland Street, Kensington, London W8 7JB, UK.
For any questions regarding this Policy, contact us via email: firstname.lastname@example.org.
Where we process your personal data you may have the right:
You can seek to exercise these rights via email to email@example.com
The purposes for which personal data is collected can include:
We keep your data as long as is necessary in connection with the purpose it is collected for.
We will delete the information we hold about you as soon as we no longer need it or, where actionable, at your request.
Depending on the nature of our instructions, we may collect, store and use any of the following special categories of information about clients, prospective clients and/or about related parties to a matter:
We will only use such special category personal data where it is necessary for the performance of our contract with you or to take steps at your request before entering into a contract, and where you have either provided your explicit consent to such use or its use is necessary for the establishment, exercise or defence of legal claims.
We collect most of this information from you directly.
We may also collect information in the following ways:
We will only use your personal data if we have a proper reason for doing so.
The information you provide will be used to provide services you request from us and enable us to deal with your enquiry and immigration matters.
A legitimate interest is when we have a business or commercial reason to use your information, so long as your own rights and interests do not override this.
Suppose we need to process your sensitive information, such as your health records or trade union information, to proceed with your case. In that case, we’ll do so on the basis that processing is necessary for the establishment, exercise or defence of your legal claim.
You acknowledge that we are entitled to obtain, use, process, and disclose your personal information to enable us to discharge the services we have agreed to provide and other related purposes, including updating client records, analysis for management purposes, crime prevention, and legal and regulatory compliance.
We’ll need to process your personal data to conduct your claim or matter under our retainer. If you don’t provide us with this data, we won’t be in a position to assist you with your immigration matter.
We won’t use your personal data to carry out automated decisions about you - i.e. to use technology alone to make any processing decisions that carry legal effect.
Whilst acting for you, to assist with your case, we may share your personal information, including your name, contact details, personal circumstances and relevant information about your case with selected third party suppliers.
This will enable us to discharge the services which we have agreed to provide.
We only allow our service providers to handle your personal data if we’re satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you. We may share your information with third parties where:
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Information may be held at our offices, third party agencies, service providers, representatives and agents.
We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will keep your personal data after we have finished advising or acting for you. We will do so for one of the following reasons:
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data. As a general guideline we will not hold your data for more than six years after completion of your matter unless there is a specific need or you instruct us to do so. When it is no longer necessary to retain your personal data, we will delete or anonymise the data, both in its physical and digital form (as applicable).
We take reasonable steps to hold information securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. We store information in access controlled premises or in electronic databases requiring logins and passwords. We require our third party data storage providers to comply with appropriate information security industry standards. All partners and staff and third party providers with access to confidential information are subject to confidentiality obligations.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any transmission is at your own risk.
Following Britain’s withdrawal from the European Union on 31 December 2020, The General Data Protection Regulation will no longer apply to us and any transfers of personal data outside the UK that we make will be made in compliance with the UK General Data Protection Regulation.
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA), for example:
These transfers are subject to special rules under European and UK data protection law.
Where the country to which we are transferring your personal data has not been assessed by the European Commission or Information Commissioner’s Office as providing an adequate level of protection for personal data, we will seek to ensure the transfer complies with data protection law and all personal data will be secure.
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
You have the right to ask us not to process your personal information for marketing purposes. When we collect contact information from you (for example, when you provide us with your business card or when you are the person instructing us on behalf of your employer), we may add your details to our contacts database and to our mailing lists. You can exercise the right at any time by sending us an email to: email@example.com
If you have any concerns about our use of your personal information, you can make a complaint to us at firstname.lastname@example.org.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
This privacy statement was published on 01.07.2021 . We may change this privacy statement from time to time and any changes will be published on our website.