Ewings and Co respect your privacy. This Privacy
Notice (“Notice”) explains how we use (“Process”)
your personal information (including personal information that you provide
to us about other persons) (together, “Personal Information”).
It also explains your privacy rights and how you can exercise them.
Ewings and Co is responsible (i.e. it is the ‘Data Controller’) for the Personal Information it collects about you (including through the www.ewings.uk.com website).
The type of Information we collect and how we Process it will vary depending on the relationship we have with you (e.g. whether you are a client, a supplier, applying for a role with us, or someone else) and the context - see the relationship-specific sections of this Notice for further details.
Please note in particular that:
1. As a regulated law firm, we are required by applicable rules to undertake appropriate: (a) pre-hiring checks of our Staff and Partners; and (b) vetting of other third parties (including of our clients and related parties, and of suppliers). These checks/vetting may involve the collection of criminal and regulatory records where appropriate and legally permitted;
2. We monitor and record electronic communications to ensure compliance with applicable rules and law and our internal policies, and for business continuity purposes;
We will publish updates to the Notice on this website, with relevant changes highlighted as appropriate. Where we hold or Process your Personal Data, we will also take appropriate measures to inform you of any amendments which have a material impact on you and your ability to exercise your privacy rights.
To the extent that the engagement terms agreed with you include Data Processor requirements in respect of our use of Your Information which conflict with the provisions of this Notice, those requirements will apply in respect of Your Information which is collected and/or used by us solely as a Data Processor.
Subject to limited exceptions individuals have the right under applicable privacy laws to access and correct their Personal Information. If we have to provide Information in response to a request from someone whose data we hold in connection with your current or past matters (typically referred to as a ‘Subject Access Request’), we will discuss this (and any associated costs) with you as appropriate.
THE TYPES OF PERSONAL INFORMATION WE COLLECT
If you are a client, the amount of your Personal Information which we collect will typically be relatively limited. In certain circumstances, we will need to know more information about you and related persons. For example, where we are acting as a trustee or otherwise for you as an individual in respect of personal tax matters, wealth preservation and/or divorce proceedings we may need detailed Information about your relatives (next of kin, dependents, beneficiaries, guardians and associates) and personal assets, amongst other things. Your matters may also involve Sensitive Information, for example where we are defending you from criminal prosecution, or on litigation.
Under applicable anti-money laundering laws we have to obtain and hold satisfactory evidence of the identity of our clients and sometimes of related persons (including shareholders, beneficial owners, management, directors and officers), such as your/their passport/ID, proof of address and sources of wealth. We will need to: (a) see original documents; (b) check the Information you provide; (c) may use Your Personal Information to check your identity and background through electronic data sources; and (d) ask you for up-to-date evidence of identity.
If you do not provide us with this Personal Information, or if it is not satisfactory, we may not be able to act, or to continue to act, for you.
We are also required to report to the regulatory authorities’ suspicions of money laundering and terrorist financing. This will involve the Processing of Sensitive Information where applicable, such as details of criminal allegations and/or findings, regulatory action, and related proceedings which are reported in the press and electronic/other data sources.
Further information for applicants for a role
As a regulated law firm, we are required to undertake appropriate pre-hiring checks of Staff and Partners. These are undertaken once you accept an offer, and subject to strict controls. We will only undertake those specific checks on you which are legally permitted.
If you do not provide the required Personal Information (or your consent to Personal Information held by third parties being disclosed to us where applicable), we will not be able to hire you.
We adopt a risk-based approach to our pre-hiring checks, which will include verifying your identity; nationality/right to work; and academic/legal qualifications and experience. The types of Personal Information which will typically be collected as part of our checks includes:
|Personal details||Such as copies of your passport and/or ID card; your driving licence (where required in connection with your role); your home contact details and personal address history.|
|Right to work||Including your nationality and any required work permit included in your passport.|
|Professional and academic details||Including your educational, academic and vocational (e.g. LPC/BVC) certificates, admission certificate and practising certificate if you have one. We will also review your current employer's website and your LinkedIn profile to confirm your current position where appropriate.|
|References from the referees you provide to us as part of your Application||Including confirmation of your work history, competencies and previous salary where appropriate.|
Where we are legally permitted to do so, these checks
will involve the Processing of Sensitive Information - for example, by asking
you if there are any criminal offences or regulatory decisions, orders,
or related factors (including details of any judgments involving the payment
of money) which would affect our ability to hire or remunerate you for the
Further information for suppliers and external advisers
As a business, we are under legal and regulatory obligations to perform appropriate vetting of our suppliers and external advisers. This includes ensuring that you have appropriate compliance systems, policies and procedures on information security and data protection, and for the prevention of economic crimes (such as money laundering, tax evasion, fraud and bribery and modern slavery).
If you do not provide the required vetting information, we may not be able to engage you. We will notify you at the relevant time if this is the case.
We adopt a risk-based approach to our vetting, based on the sensitivity of the information you will have access to and the work you will undertake for us. In certain circumstances where we are legally permitted to do so, this will involve the Processing of Sensitive Information (such as allegations or findings of criminal acts, regulatory action and related proceedings) which are disclosed to us by you or your employer.
Sometimes we will need to: (a) see original documents; (b) check the information you or your employer provide; and (c) use Your Personal Information to check your identity and background through electronic data sources
WHERE IS YOUR PERSONAL INFORMATION STORED AND WHO WILL IT BE SHARED WITH?
We understand the importance of keeping your Personal Information secure. Your work contact details and a marketing profile will be added to our internal contacts database (which is accessible by our international offices).
HOW LONG WE KEEP YOUR INFORMATION
After the expiry of the retention period- usually six years, we may dispose of your matter files (including your Personal Information) without further notice to you, except for any documents or deeds that we have agreed in writing to hold for safe keeping.