The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 are now in force.
This notice explains how we collect and use personal data about you in accordance with the above regulations and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time in the United Kingdom.
For the purpose of Data Protection legislation we, Gibsons, are a Data Controller. This means that we are responsible for deciding how we hold and use personal data about you.
How do we collect information from you?
We obtain information about you when you engage us to deliver our services and/or when you contact us to enquire about our services, through our website or by email, telephone or post. We may also obtain information about you from third parties and/or publicly available resources such as Companies House.
What type of information do we collect from you?
The personal information we collect from you will vary depending on which services you engage us to deliver. The personal information we collect might include your name, address, telephone number, email address, your Unique Tax Reference (UTR) number, your National Insurance number, bank account details, your IP address, which pages you may have visited on our website and when you accessed them.
How is your information used?
In general terms, and depending on which services you engage us to deliver, as part of providing our agreed services we may use your information to:
- contact you by post, email or telephone
- verify your identity where this is required
- understand your needs and how they may be met
- maintain our records in accordance with applicable legal and regulatory obligations
- process financial transactions
- prevent and detect crime, fraud or corruption
We will only retain your personal data for as long as necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
- the requirements of our business and the services provided
- any statutory or legal obligations
- the purposes for which we originally collected the personal data
- the lawful grounds on which we based our processing
- the types of personal data we have collected
- the amount and categories of your personal data
What is the lawful basis for our processing your information?
We rely on the following legal bases to use your personal data:
- on a contractual basis where it is needed by us to perform our contractual obligations to our clients, third party/data sharers, suppliers and employees.
- where it is in our legitimate interests to do so to make and/or to maintain contact with our corporate contacts to provide them with various information and communications.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Any staff with access to your information have a duty of confidentiality under the ethical standards that this firm is required to follow.
Third Party Service Providers working on our behalf
We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf, for example to process payroll or basic bookkeeping. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
Please be assured that we will not release your information to third parties unless you have requested that we do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention and detection of crime, fraud or corruption
Updating your information
Keeping your information up to date and accurate is important to us. We commit to regularly review and correct where necessary, the information that we hold about you. If any of your information changes, please email, write to or telephone us.
Security precautions in place to protect the loss, misuse or alteration of your information
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights in connection with personal data
Under certain circumstances, by law you have the right to:
- Request access to your personal data. This enables you to receive details of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this basis. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to you or another data controller if the processing is based on consent, carried out by automated means and this is technically feasible.
If you want to exercise any of the above rights, please let us know by contacting us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent please let us know by contacting us.
Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Changes to our privacy notice
We keep this privacy notice under regular review and will place any updates arising from changes in the law or for operational reasons on our website at www.gibsonsllp.com.
This privacy notice is effective from 25 May 2018.
We use a small amount of cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org for detailed guidance.
Below is a list that describes the cookies we use on this site and what we use them for. Currently we operate an ‘implied consent’ policy which means that we assume you are happy with this usage.
If you are not happy, then you should either not use this site, or you should delete Gibsons’ website cookies having visited the site, or you should browse the site using your browser’s anonymous usage setting (called “Incognito” in Chrome, “InPrivate” for Internet Explorer, “Private Browsing” in Firefox and Safari etc.)
Google Analytics – We use this to understand how the site is being used in order to improve the user experience. User data is all anonymous.
Social buttons – On some of the pages of the site you will see ‘social buttons’. These enable users to share or bookmark the web pages. There are buttons for: Twitter, Facebook ‘Like’ and LinkedIn ‘Share’.
In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of this website.
You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on the Gibsons website. If you click on any of these buttons, these sites will be registering that action and may use that information.
In some cases these sites will be registering the fact that you are visiting Gibsons’ website, and the specific pages you are on, even if you don’t click on the button if you are logged into their services, like Google and Facebook.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
Email tracking – Some emails we send we put in tracking so that we can tell how much traffic those emails send to our site, we do not know who has clicked so the data is anonymous e.g. the Topical Tips newsletter.
Surveys and Polls – From time to time we may publish surveys to the website. Participation in these surveys or contests is completely voluntary and you as the user therefore have a choice whether or not to disclose this information.
Please contact us by telephone or web-enquiry via www.gibsonsllp.com
We seek to resolve directly all complaints about how we handle your personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office at
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745