Introduction
This privacy notice contains important information on who we are and how and why we collect, store, use and share your personal information. It also details your rights in relation to your personal information and how to contact us or the Information Commissioner’s Office (ICO) in the event you have a complaint.
WHO WE ARE
At Cannon Nominees, we may collect personal information about you and others in the course of conducting our business. Our handling of this data is governed by the Data Protection Act and the UK General Data Protection Regulation (UK GDPR). For the purposes of these laws, we act as the ‘data controller’ of any personal information we collect.
The personal information we collect and use
Information collected from you
The personal information that we process includes:
- Basic details, such as your name (including any prefixes or titles), the company you work for, your job title or position, and your relationship to a third party.
- Contact details, including your postal address, email address, and telephone number.
- Financial information, such as details required for processing payments.
- Technical data, including information collected from your visits to our website and from electronic communications or materials we send to you.
- Information submitted through our website, including any personal data provided via online forms.
- Event-related details, such as information provided when registering for meetings or events, including any access or dietary requirements.
- Identification and background information, either supplied by you or obtained during our onboarding or matter inception processes.
- Client-related personal data, which may be provided by or on behalf of our clients, or generated by us in the course of delivering our services. This may include special category data where relevant.
- Any other personal information you choose to share with us.
Information collected from other sources
If you become a client, we may need to request and process additional information from a range of third-party organisations in order to deliver our legal services. These third parties may include government bodies, other parties involved in a transaction, and professional advisers. For instance, we may need to obtain details of your property ownership from the Land Registry or the sale price of a property from your estate agent.
Some of the information we collect may fall under the category of sensitive personal data, also known as ‘special category data’. This could include, for example, medical records from your GP or hospital, or financial information from your accountant. We will always seek your explicit consent before requesting such information and will implement strict safeguards to protect its confidentiality.
How we use your personal information
We may use personal information for the following purposes:-
- To process information relating to third parties involved in our clients’ legal matters.
- To meet our regulatory and legal obligations, including those under the Solicitors Regulation Authority Code of Conduct, financial audit requirements, and anti-money laundering regulations.
- To manage and operate our business effectively—for example, by analysing the services we provide and the geographical sources of our work to inform resource planning across our office locations.
- To maintain, improve, and monitor the performance and usage of our website.
- To enable participation in interactive features on our website, such as submitting questions or requesting quotations.
- To communicate with you, including responding to enquiries using the contact information you provide.
- To send marketing communications to our clients, unless they have opted out.
We will obtain your consent before:-
- Sending marketing communications to individuals who are not our clients
- Processing personal data submitted as part of a job application through our website
We rely on the lawful basis of contract performance when:-
- Processing client data in the course of delivering our legal services
Who We Share Your Personal Information With
We may share your personal data with trusted third-party service providers, carefully selected for their reliability and compliance with data protection standards. These third parties support us in delivering our legal services and fulfilling our regulatory obligations. The categories of third parties we share data with include:
1. Cloud Service Providers
We use a range of technology providers to manage our IT systems. This includes cloud-based platforms for our customer relationship management (CRM), practice management, document management, and case management systems.
2. Identification and Anti-Money Laundering Services
To comply with Anti-Money Laundering regulations and verify the identity of our clients, we share your details with an ID verification service. This service cross-checks your data against official databases. This process may leave a footprint on your credit file, but it does not affect your credit score.
3. Email Provider
All emails sent to or from Cannon Nominees are processed and stored through a secure, cloud-based email archiving and security solution.
4. Marketing Service Providers
We use Mailchimp and GoToMeeting, both hosted in the U.S., to send bulk communications such as newsletters and event invitations to subscribers on our marketing lists.
5. Outsourced Support Services
We may outsource specific administrative tasks to specialist providers. These services may include:
- Word processing
- Transcription
- Translation
- Photocopying
- Cashiering
- E-discovery
- Telephony
- Document review
6. Paper Records Management Services
We use third-party providers for the secure storage and confidential destruction of physical documents.
7. Website Analytics
To improve user experience and website performance, we use Google Analytics. Google may combine this information with other data they hold and use it to personalise advertisements on their network. We do not receive personally identifiable information through this service.
8. Other Professional Third Parties
With your prior consent, we may share your information with third parties involved in the provision of legal services. These may include barristers, government agencies, local authorities, medical professionals, and other expert consultants.
Sharing Your Personal Information
We may disclose your personal information to law enforcement or regulatory authorities if required by applicable law. Where legally permitted, we will make reasonable efforts to notify you before doing so.
In the event of a reorganisation or transfer of all or part of our business, your personal information may be shared with new Cannon Nominees entities or third parties responsible for continuing our services.
We will never sell, rent, or otherwise make your personal information commercially available to third parties without your explicit permission.
Information You Must Provide
Certain information is necessary for us to deliver our legal services and meet regulatory obligations. We will clearly indicate at the point of collection whether the information requested is required. If it is not essential, we will let you know.
Retention of Your Personal Information
We retain your personal information based on the type of legal service provided:
- General Legal Matters: Information is typically retained for 6 or 15 years after the conclusion of your matter. We will inform you of the exact period at the end of your case.
- Wills: Information relating to Wills is kept indefinitely, as questions regarding your intentions may arise after your death.
- Client Records: If you become a client, we retain your name, contact details, proof of identity, and basic personal data (e.g. date of birth) indefinitely. This helps us prevent fraud, identify returning clients, and manage potential conflicts of interest.
- Emails: All emails sent to or from Cannon Nominees are retained for 10 years to ensure consistency and traceability.
- Financial Records: These are stored separately for up to 6 years to comply with financial audit and VAT regulations.
- Website Entries: Information entered on our website is kept for 90 days.
- Other Data: All other personal data is retained in accordance with our internal Data Retention Policy, which assigns appropriate retention periods based on legal, regulatory, and operational requirements.
Transfers Outside the EEA and UK
We use reputable cloud service providers to store, process, and manage your data:
- Where possible, data processing occurs within the UK or European Economic Area (EEA).
- If data must be transferred outside the UK or EEA, we ensure appropriate safeguards are in place. For example, U.S.-based services such as Mailchimp are only used if they have contractual agreements adhering to GDPR and, where applicable, are certified under frameworks such as the EU-U.S. Privacy Shield (or its successor).
Your Rights Under GDPR
You have several important rights under the UK GDPR, all of which are free of charge. These include the right to:
- Access your personal data and supplementary information.
- Request correction of inaccurate or incomplete data.
- Request deletion of your personal data in certain circumstances.
- Receive your data in a portable format and transmit it to another service provider.
- Object at any time to the use of your data for direct marketing.
- Object to decisions made by automated processing (note: we do not currently engage in automated decision-making).
- Restrict or object to certain types of data processing.
Data Security
We take the security of your information seriously. We have implemented appropriate technical and organisational measures to prevent unauthorised access, accidental loss, or misuse of your personal data. All individuals handling your information are trained and bound by confidentiality obligations.
In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay.
We also ensure that all third-party providers we work with are carefully vetted, contractually obligated to maintain the security of your data, and only process it in accordance with our instructions.