Data Retention Policy

Where you are a client

We will retain your data in accordance with our current data retention policy. See lower down this page.

Where you are not a client

If you are not a client and have signed up to our eNewsletter, you can unsubscribe at any time and ask us to delete any data we hold at any time.

If you are a third party

We will retain your data in accordance with our client’s instructions and any data retained within our digital or paper filing system or storage will be subject to our data retention policy.

Our current Data Retention Policy (10 12 2020)

Stewart & Bennett will be a "controller" of the personal information that clients and some third parties (“clients”) provide to us.

How long must we store data?

1. We as a law firm acting on behalf of clients in a range of work for them need to store data for as long as we act for clients, and in many cases so that when they instruct us as repeat/returning clients we can recall previous work for them, including but not limited to knowing their personal information, the nature of their employment or business, their ownership, tenancy or other holding of property and assets, the existence and content of their will (we require to hold wills by default/in absence of instructions otherwise indefinitely during the life of a client and also for a period after their death), having possession on behalf of clients other documents including powers of attorney, contracts, financial documents, and also data on previous work which will be useful and/or necessary in carrying out further work;

2. We will store data as long as clients actively instruct us to do so.

3. In order to be accountable to regulatory, law enforcement, statutory and government authorities for our contractual actings for clients we require to retain data for various periods of up to 20 years (long negative prescription period under Scots law) in the event that a client or regulatory organisation enquires about and/or challenges our work. See also our Data Protection Policy. The regulatory bodies to whom we are responsible include, but are not limited to: the Law Society of Scotland, the Scottish Legal Complaints Commission, HMRC, Revenue Scotland, and all law courts.

Clients’ rights

Clients can exercise any of the following rights and, enquire about the retention of their personal information or require us to amend/correct or delete personal information by writing to us at property@stewartbennett.com, or telephone 01369 702885 or write to Stewart & Bennett Solicitors and Estate Agents, 82 Argyll Street Dunoon PA23 7NJ.

Any requests, instructions or requirements received by Stewart & Bennett will be considered under applicable data protection legislation. If clients remain dissatisfied, they have a right to raise a complaint with the Information Commissioner's Office at www.ico.org.uk.

Retention of personal data

We will keep clients’ personal data for as long as they are using our services. Once they cease using our services, the personal data will be securely destroyed if it is no longer required for the purpose for which it was obtained or used. For the avoidance of doubt, the period we retain your data will be affected by one or more of the following considerations:

• Our expectation that clients will instruct us again in future in circumstances in which we need to have their data already on hand.

• Any statutory period of prescription or limitation of action by or against clients as a party to a case or transaction (including as an executor of a deceased person’s estate and/or as trustee of a trust), and/or against Stewart & Bennett as their solicitor.

• Any period until a Law Society of Scotland regulated inspection of Stewart & Bennett under the Solicitors (Scotland) Act 1980 and related legislation.

• Any periods during which the Scottish Legal Complaints Commission are investigating and/or adjudicating a complaint against us by a client or third party.

• Any period over and during which HMRC and/or Revenue Scotland and/or Police Scotland may carry out investigation of the client and/or Stewart & Bennett as a firm/business.

• The long negative prescription period of 20 years.

If clients have consented to receive marketing information from us, we will retain any personal data used for marketing purposes for two years or until clients notify us that they no longer wish to receive this information.

Measures in place to ensure the protection of any Children’s or Special Category of data held

We ensure any children’s or special category of data we hold are properly stored in our access controlled data store on our Network and in our firm’s Practice Management systems which, again, can only be accessed through a secure username and password. Any data of this nature held in paper files, is held in secure filing cabinets within our offices which are locked and alarmed when unoccupied. This data is only accessed by solicitors and staff members within our firm and no access is available to third parties in respect of this data. Data is stored in our access controlled data store on our Network and in our firm’s Practice Management systems which, again, can only be accessed through a secure username and password.

Personal data processed by third parties on our behalf

Your personal data will be processed by third parties with whom we are required to deal with when acting properly and lawfully for you. Examples of such parties are professional searchers, our IT support company and our practice management system support desk, and our secure shredding company. This list is not exhaustive and will change from time to time. If you require specific details, please contact us. We are regulated by The Law Society of Scotland and they have a right of access to our books and records to carry out regulatory inspections. They may remove personal data from our premises and systems in order to carry out regulatory checks. Our eNewsletter and other email marketing activities are managed by Client Communications Ltd. You can view their Privacy Statement here: http://www.clientcommunications.co.uk/privacy-policy/. Client Communications Ltd uses The Rocket Science Group LLC, of the State of Georgia, USA, trading as MailChimp to process the data for our eNewsletter and email marketing campaigns. MailChimp has certified its agreement to the EU-US Privacy Shield Framework. You can view its Privacy Policy here: https://mailchimp.com/legal/privacy/.

This policy has been created and last updated on 10 December 2020. It will be updated and reviewed from time to time.