Sterling Ford - Insolvency & Bankruptcy Services


Privacy Policy

Last Reviewed: 25/05/2018


Introduction


This Privacy Policy explains what information Sterling Ford ('we', 'us', and 'our') gather about you, what we use that information for, and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries. We take data protection very seriously and we are committed to protecting your personal information. This Privacy Policy describes how we handle personal information collected through www.sterlingford.co.uk ('our website') and by any other means. It is our policy to collect only the minimum information required from you. If you believe we have collected excessive information about you, please contact us by the means indicated in the Contact Us section below to raise any concerns you may have.


In this Privacy Policy your personal information is sometimes called "personal data". We sometimes collectively refer to handling, collecting, protecting or storing your personal information as 'processing'. Although you do not have to provide any of your personal information to us, if we ask you to do so and you refuse, we may be unable to provide you with the information, goods or services you want from us.



Data controller


Sterling Ford Associates Limited ('Sterling Ford'), a limited company registered in England with number 09217576 and with a registered address of Centurion Chambers, Centurion Court, 83 Camp Road, St Albans, Hertfordshire, AL1 5JN, is registered as a data controller under registration number ZA249883.



Personal information


Personal information is anything that enables you to be identified or identifiable; e.g. your name, job title, company name, address, email address, telephone number, IP addresses and fax number.


Special category personal information


Special category personal information is personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. We do not expect to have to ask you to provide special category personal information in the provision of our services to you and we ask that you do not provide us with special category personal information.



Collection of personal information excluding special category information

Below are some examples of how you may provide personal information to us:

  1. via direct correspondence with us via meeting, phone, in writing, including by email or fax;
  2. searching and browsing our website for content;
  3. contacting us for further information;
  4. providing us with business cards or other contact information



Our website


Our website may link to third-party sites not controlled by us and which do not operate under our privacy practices. When you link to third-party sites, our privacy practices no longer apply. We encourage you to review each third-party site's privacy policy before disclosing any personally identifiable information.


Our website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above. See: www.google.com/analytics/en-GB/index.html.



Use of personal information


When you provide personal information to us, we may use it for any of the purposes described in this Privacy Policy or as stated at the point of collection (or as obvious from the context of collection), including:

  1. To provide our services to you;
  2. To administer and manage our website, including to confirm and authenticate your identity and prevent unauthorised access to restricted areas of the site;
  3. To develop our businesses and services;
  4. To conduct quality and risk management reviews;
  5. To monitor and enforce compliance with our Terms, including acceptable use policies; and/or
  6. Any other purposes for which you provided the information to us, including any of the purposes given in the 'Collection of personal information' section above.

We do not collect personally identifying information for sale to third parties.



Legal grounds for processing personal information


We rely on one or more of the following processing conditions:

  1. To perform our contractual obligations to you; or
  2. Our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses (provided these do not interfere with your rights);
  3. To satisfy any legal and regulatory obligations to which we are subject;
  4. Where no other condition for processing is available, if you have agreed to us processing your personal information.



Security of personal information


We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personally identifiable information we have collected, and such individuals have agreed to maintain the confidentiality of this information. Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.



Sharing personal information


We may transfer, share or disclose the personal data we collect from you to third parties (and their respective subcontractors, and/or their subsidiaries and affiliates) for:

  1. the purposes for which the information has been submitted;
  2. the purposes listed above under Use of Personal Information;
  3. the administration and maintenance of our website(s); and/or
  4. other internal or administrative purposes.

We also may transfer, share or disclose personal data to third party service providers of identity management, website hosting and management, data analysis, data backup, security and storage services.


The third party providers may use their own third party subcontractors that have access to personal data (sub-processors). It is our policy to use only third party providers that are bound to maintain appropriate levels of security and confidentiality, to process personal information only as instructed by us, and to flow those same obligations down to their sub-processors.



International transfers of personal information


Your personal information may be transferred to and stored outside the country where you are located. This includes countries outside the European Economic Area (EEA) and countries that do not have laws that provide specific protection for personal information.
Where we collect your personal information within the EEA, transfer outside the EEA will be only:

  1. To you;
  2. To a recipient located in a country which provides an adequate level of protection for your personal information; and/or
  3. Under an agreement which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, e.g. standard (model) contractual clauses; or
  4. In exceptional circumstances only, with your explicit consent


Other disclosures


We may also disclose personal information to third parties under the following circumstances:


  1. When explicitly requested by you;
  2. For regulatory compliance purposes; and/or
  3. As otherwise set out in this Privacy Policy.


We may also disclose your personal information to law enforcement, regulatory and other government agencies and to professional bodies and other third parties, as required by and/or in accordance with applicable law or regulation. This includes disclosures outside the country where you are located.



Retention of personal information


We will retain your personal information only for as long as we need it, given the purposes for which it was collected, or as required to do so by law.

For further information, please refer to our Data Retention Policy below.



Marketing


We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. Where we are legally required to obtain your explicit consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so. If you opt into any subscriptions, you will receive automated emails when content is updated. If you opt into any newsletters, you will receive curated emails known as newsletters. If you want to unsubscribe from mailing lists or any subscriptions, you should look for and follow the instructions we have provided in the relevant communications to you. Alternatively, you can at any time contact us to request that such communications cease. If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.



Rights in relation to your information

You have certain rights in relation to the personal information we hold about you. In particular, you have the right to:

  1. Request a copy of personal information we hold about you;
  2. Ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
  3. Ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
  4. Object to our processing of your personal information; and/or
  5. Withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing).

If you would like to exercise these rights or understand whether these rights apply to you, please contact us.



Automated decision making


We will not use your personal information for automated decision making.



Contact us


If you have any questions or complaints about this Privacy Policy or the way your personal information is processed by us, or would like to exercise one of your rights set out above, please contact us by one of the following means:
By email: info@sterlingford.co.uk
By post: Data Protection Representative, Sterling Ford, Centurion Chambers, Centurion Court, 83 Camp Road, St Albans, Hertfordshire, AL1 5JN


You also have the right to lodge a complaint with your local data protection regulator, which in the UK is the Information Commissioner's Office (ICO). The ICO can be contacted by the following means:
By form: www.ico.org.uk/global/contact-us/email/
By telephone: 0303 123 1113 (+44 1625 545 700 if calling from outside the UK)
By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF


We may update this Privacy Policy at any time by publishing an updated version at sterlingford.co.uk/privacy. So that you know when we make changes to this Privacy Policy, we will amend the revision date at the top of this page. The new, modified or amended Privacy Policy will apply from that revision date, and, therefore, we encourage you to review this Privacy Policy periodically to be informed about how we are protecting your information.



Data Retention Policy


Sterling Ford ('we', 'us' or 'our') are committed to:

  1. Fully complying with all the requirements of the General Data Protection Regulation (GDPR).
  2. The efficient management of our records for the effective delivery of our services.

This policy explains how we will comply with our responsibilities and obligations under the GDPR and its principles relating to the storage and destruction of personal data.

This policy gives guidance about retaining, disposing of and deleting the personal data for which we have a responsibility and/or obligation under the GDPR.



Scope


This policy applies to:

  1. All personal data that is stored by us whether kept on paper or electronically. This includes data of clients, prospective clients, staff, job applicants, contacts and suppliers. In respect of insolvency appointments, this also includes creditors, debtors and directors.
  2. This policy should be read and used in conjunction with our Privacy Policy above.



Objective


The objectives of this policy are to:

  1. Ensure we follow the GDPR and its principles relating to the storage, disposal and destruction of personal data.
  2. Ensure we comply with all applicable legal and regulatory requirements
  3. Ensure personal data is stored securely
  4. Ensure that personal data is not out of date
  5. Keep personal data accurate
  6. Assist with responding to subject access requests
  7. Ensure personal data that has been placed in storage can be found and retrieved quickly and efficiently
  8. Ensure the storage, disposal and destruction of personal data is carried out in a consistent and controlled manner
  9. Assist with audits
  10. Minimise storage requirements and costs
  11. Assist in the identification of the location of personal data
  12. Clarify responsibilities for implementing, complying with and monitoring this policy



Definitions


Personal data means any information relating to an identified or identifiable person ('data subject') such as a name, postal/email address, telephone number or identification number.

Special categories of personal data means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation and data concerning criminal convictions or offences.

Data subject means any living individual who is the subject of personal data held by Sterling Ford.

Processing means any use of personal data such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, erasure and destruction.

Data controller means the organisation, which is Sterling Ford, which decides the purposes and means of the processing of personal data.

Data processor means an individual or organisation that processes personal data on behalf of a data controller.

Personal data breach means a breach of security leading to the accidental, or unlawful, destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data.

Staff means anyone working at or for Sterling Ford on a permanent or temporary basis, including Partners, Directors and permanent, interim and temporary employees, trainees and interns.



Principles

The relevant data protection principles for the purposes of this policy are that personal data must be:

  1. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimisation')
  2. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy')
  3. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to implementation of the appropriate technical and organisational measures in order to safeguard the rights and freedoms of the data subject ('storage limitation')
  4. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').

NOTE: Keeping personal data unnecessarily may use up valuable storage space, incur unnecessary costs and impose on us a significant liability risk.



Roles and responsibilities


The Management of Sterling Ford has ultimate responsibility for ensuring compliance with the GDPR, the data protection principles and this policy.

The day-to-day operational responsibility for ensuring Sterling Ford comply with the GDPR, the data protection principles and this policy lies with the firm's internal Data Protection Officer (DPO), who may be contacted at info@sterlingford.co.uk.

All staff have a responsibility to comply with the GDPR, the data protection principles and this policy when carrying out their duties.

Line managers are responsible for supporting staff's adherence to this policy.

Failure to comply with this policy may result in legal and/or disciplinary action.



Retention


We will destroy correspondence and other files that we store electronically or otherwise once we deem these to be no longer relevant except those that are required by law or professional guidelines to be kept for specified periods. Unless we are required to keep data for specified periods, we will typically keep it for no longer than seven years.



Disposal and Destruction


When the retention periods expire we must dispose of and destroy all personal data unless a Partner or Director authorises that such data should be retained.

Any personal data recorded on paper shall be shredded securely.

Files currently in archive are stored at an in-house document storage facility. Any paper file retrieved from archive must be returned to archive as soon as the need has been fulfilled. If the data on the file is past its retention period at the point that the file is no longer required, then the file shall be shredded securely.

Files held in archive are securely disposed of periodically in accordance with the catalogued retention periods.

Unless filed in a permanent file or in other such way as to indicate a specified retention period, digital data will be automatically deleted after 7 years.

NOTE: Sterling Ford staff are required to adhere to this policy at all times. Retaining or destroying personal data in breach of this policy may be considered serious gross misconduct and may lead to dismissal.