HomePrivacy Policy

Privacy Policy

Your privacy and the security of your personal information is important to us.

This policy explains how we process your data as part of conducting our business.

Data Controller

The data controller for this website is Steenson Nicholls LLP.

Who do we collect information on?

This privacy notice applies to:

  • clients
  • third parties and intermediaries which include:
    • those who may be party to legal proceedings involving our clients and/or the services which we have been engaged to provide to our clients
    • those who are, work for or are agents of, suppliers or service providers who provide goods and services to us
    • those who apply for or express an interest in an employment or other similar position with us
    • visitors to our website steensonnicholls.com.
What constitutes personal information?

This means any information about you from which you can be identified. This includes but is not limited to name, address, date of birth and gender.

How do we collect and use information about you?

We collect personal information either directly from you when you retain us to provide services or use of our website or indirectly from intermediaries, providers of independent or background checks or publicly available sources.

By using our website or otherwise contacting us, obtaining services from us or by providing your personal information to us via the contact option on this website, you acknowledge that you have read and understood this policy.

General visitors

No personal information is collected about general visitors to our website.

The personal information we hold

We collect a variety of information from you and about you.  The extent of the information collected will depend on a variety of factors including the nature of the relationship between us and the extent of the contact with you, including but not limited to your contact details including your full name, postal address, email or other electronic communication addresses and telephone numbers.

In certain circumstances we may also record your job title and other identification information as set out below.

  • KYC information and documentation which may be required by us to fulfil our legal and regulatory requirements. This may include, but is not limited to, identity information such as your passport or other identity document details, date of birth, nationality, place of birth and country of residence, job title and other information concerning your background (which may include sensitive information such as criminal records).
  • Information provided in the course of the provision of legal services such as information on professional relationships and background, financial wealth and assets held, transactions entered into, legal advice given (and any actions taken as a result of such advice) tax status, disputes and court proceedings engaged in which may also include sensitive information such as marital status, mental and physical health and criminal allegations or convictions.
  • Financial information such as payment related information.
  • Information provided to us in respect of an application for or expression interest in employment with us such as personal information relating to your education and employment history, professional qualifications, your nationality, your immigration, right to work or residential status.
  • We may also collect information from third parties.  This may include information such as references, or background checks provided by agencies such as credit reference agencies.
  • In addition we may also obtain information about you from public sources, such as information available through social media.
  • Any other information which you may provide to us.
How and why we use personal information

For each of the purposes for which we process information, we rely on one or more of the following legal justifications:

  • contractual necessity
  • legitimate business interest
  • legal and/or regulatory requirement
  • consent
  • legal proceedings

We process personal information for provision of legal services.

Automated decision making

We do not deploy systems or procedures that make a decision without human intervention.

Transfer of information with third parties

We may transfer your personal information to others:

  • For the purpose of providing legal services
  • To other members or associates of your organisation;
  • To a regulatory, governmental or judicial authority with whom we are legally obliged to share your information.

We will seek to ensure that our suppliers and service providers are contractually bound to process your personal information in line with our policies and that they have adequate measures in place to protect your information from unauthorised access, disclosure, loss or destruction.

We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information in accordance with our instructions.

GDPR rights

Under the General Data Protection Regulation (GDPR) you have the right to:

  • Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not have to pay a fee to access your personal information but we may charge a reasonable fee if your request for access is unjustified or excessive. We may also refuse to comply with the request in such circumstances.
  • Request correction of the personal information that we hold about you.
    This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
  • Object to processing of your personal information where we are relying on our legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal information to another party.
  • Right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification in writing that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

These rights are subject to certain exemptions and conditions. We may decline to comply with any request to delete or restrict the use of your information if we still require that information for any legal, regulatory or contractual reason. Where we are processing your information on the basis of contractual necessity, or legal or regulatory requirement, it is likely that the provision and processing of such information will be mandatory. In addition, in the event that you choose not to provide any personal information or to exercise one or more of the rights above to restrict the processing of your information, this may restrict the services which we are able to provide or we may have to decline to act on your behalf.


We take our responsibility to secure your information extremely seriously.  We have implemented robust systems and policies and procedures to prevent and detect any incidents where your information may be subject to unauthorised access, use or disclosure.

In the unlikely event of a security breach, we will take all necessary steps to identify the cause and mitigate the effects. Where necessary, we will also notify you in accordance with our obligations under the GDPR.

Retention of data

We will keep your personal information for as long as necessary to fulfil the purpose for which we have collected it.  In relation to client matters it is our policy to retain data for 15 years from the conclusion of the case subject to the following exceptions:

  • where we consider it necessary to protect ourselves from a legal claim or potential dispute in connection with any services we have provided, we will keep the data for the relevant limitation period;
  • where the data cannot be deleted for legal, regulatory or technical reasons.
Who can I contact?

If you have any questions in respect of this privacy policy please send your request to [email protected].

If you are dissatisfied with our response and you wish to make a formal complaint please direct any such complaint to:

Office of the Information Commissioner

Brunel House, Old Street, St Helier, Jersey, JE2 3RG



We do not use “cookies” on customer-facing sections of this website, but we use third party software to track general usage information which may enable us to compile reports that we may use to improve the site.


Steenson Nicholls LLP does not control and is not responsible for the privacy policy of any website or organisation to which this website provides links. By including hyperlinks or connections to such websites we do not imply any endorsement of them or any association with their owners or operators.

Whilst we endeavour to safeguard your information we cannot ensure or warrant the security of any information that you may transmit to us.