Here at Lishmans LLP (“Lishmans”, “we”, “us”, or “our”), we are committed to protecting personal data.
This privacy statement describes both how and why we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point the data is collected.
Personal data means any information relating to an identified or identifiable living person. Lishmans processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.
Our policy is to be clear about why and how we process personal data. To find out more on our collection, use and retention of personal data please see “Collection of personal data”
We take the security of all the data we hold very seriously. We have policies in place which cover data protection, confidentiality and security. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure. All staff are provided with training to ensure that they understand our security procedures.
Sharing personal data
We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put security mechanisms and contractual arrangements in place to protect the data.
Personal data held by us may be transferred to:
- Third party organisations that provide data processing or IT services to us
We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems. For example, providers of cloud based software, website hosting and management, data back-up, security and storage services. The servers powering and facilitating that cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.
- Third party organisations that assist us in providing goods, services or information
Auditors and other professional advisers
Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation
- Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with laws and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
Where personal Data will be processed
As with many businesses, we use third parties located in other countries to help us run our business. As a result, personal data may be transferred to these countries, including to countries outside the European Union (“EU”) and to countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully. Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.
Changes to this privacy statement
We will occasionally update this Privacy Statement to reflect company and customer feedback. We encourage you to periodically review this Statement to be informed of how we are protecting your information. This privacy statement was last updated on 16 May 2018.
Data controller and contact information
The data controller is Lishmans LLP (the limited liability partnership registered in England under registration no. OC403865 and with its registration address at 16-18 Station Road, Chapeltown, South Yorkshire, S35 2XH).
If you have any questions about this privacy statement or how and why we process personal data, please contact us at:
16-18 Station Road
Phone: 0114 2465348
Individuals’ rights and how to exercise them
All individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights. Information about the rights that individuals have and how it is possible to exercise them are detailed below.
Access to personal data
You have a right of access to personal data held by us as a data controller. To request access to your data, please email us at firstname.lastname@example.org. We aim to respond to any requests for information promptly, and will reply within the legally required time limits
Updating or amending personal data
To update personal data submitted to us, you may email us at email@example.com.
If we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information as soon as practically possible.
Withdrawal of consent
We do not generally process personal data based on consent, however, where we do process on this basis, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please email us at firstname.lastname@example.org.
Other data subject rights
As well as the rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data and the right to data portability.
If you wish to exercise any of these rights, please send an email to email@example.com.
We hope that you won’t ever need to, but if you do wish to make a complaint about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.
Collection of personal data
At Lishmans, our policy is to collect only the personal data required for the agreed purposes and we ask clients only to share personal data when it is strictly needed for these purposes. If we need to process any personal data we will ask our clients to provide this information to other data subjects (this could include family members where personal clients are involved).
Generally personal data is collected from our clients or from a third party acting on the instructions of the relevant client.
We offer a diverse range of services to Personal Clients and so we process many categories of personal data including Contact details, Business Activities, Family information, Income, taxation and other financial-related details and investments and other financial interests.
Occasionally, we may need to collect special categories of personal data. These categories include race or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, physical or mental health, genetic data, biometric data, sexual life or orientation and criminal records. We will only collect this data for certain services and we may also collect this data when required by law or with an individual’s consent.
Our Business Contacts
Lishmans processes personal data about contacts (existing and potential clients and individuals associated with them) using a customer relationship management system (the ‘Lishmans CRM’)
The collection of any personal data about contacts and addition of that data to the Lishmans CRM is initiated by a Lishmans user and will include name, employer name, contact information and any other business information. We may also collect data from Lishmans email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of events) systems.
Individuals whose personal data we obtain in connection with providing professional services to our clients
During the course of providing our services to clients we may obtain personal data relating to other individuals. We do ask clients only to share personal data where it is strictly needed. We do ask our clients to provide the necessary information to any data subjects whose data they may be sharing.
In order to manage our relationship, contracts and to receive services from our suppliers, including to provide professional services to our clients, we collect and process personal data about our suppliers (including subcontractors and individuals associated with our suppliers and subcontractors).
Use of personal data
We use personal data in the following ways:The provision of professional services
We provide a range of professional services which can require us to process personal data in order for us to provide these services. For example we will need to review payroll data as part of accounts preparation work.
Running our business
We process personal data in order to:
- Manage our relationships with our clients
- Develop our business and the services we offer our clients
- Maintain the usability of our IT systems and during the use of those systems.
- The management and administration of our website and other systems.
- Security, risk management and quality management
To ensure we monitor the quality of our services and minimise risks in relation to our clients we collect and hold personal data as part of our engagement process with clients. As part of our engagement and acceptance process with regards to clients we may carry out searches of publically available sources (e.g. internet searches) to identify politically exposed persons or individuals and organisations that have a higher risk. It is also to check there are no other issues that would prevents us working with a particular client (e.g. criminal convictions (including in respect of company directors) and also conduct or other reputational issues).
In order to protect our own and our client’s information (including any personal data) we have security measures in place to aid with detecting, investigating and resolving any security threats. As part of this security, personal data may need to be processed e.g. automated email scanning to identify harmful emails.
Providing information about us and our services to our clients
We may use client’s business contact details to provide information that we think may be of interest regarding us and our services unless asked not to. This may include information on other relevant services or invites to events we think may be of interest.
Complying with any requirement of law, regulation or any professional bodies of which we are a member
We are subject to legal, regulatory and profession obligations as are any providers of professional services. To do this we need to keep certain records so we can demonstrate that our services are provided in compliance with those obligations. These records may contain some personal data.
For Business Contacts
Any personal data relating to business contacts may be accessed and used by members of the Lishmans team. This enables them to learn more about an account, client or opportunity that they may have an interest in. This information may be used for the following purposes:
- Administering, managing and developing our business and services
- Providing information about our range of services and us
- Making contact information available to Lishmans users
- Identifying clients/contacts that have similar needs
- To describe the nature of a contact’s relationship with Lishmans
- Lishmans do not sell or otherwise release personal data contained in the Lishmans CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.
We collect and process personal data about our suppliers in order to manage the relationship, contract, to receive services from our suppliers and, where relevant, to provide professional services to our clients.
Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services. This enables us to manage our relationship with the supplier and the relevant individuals in order to provide the service to our clients.
Personal data processed by us will be retained by us for as long as it is considered necessary for the purpose for which is was collected (including as required by applicable law or regulation).
In the absence of specific legal, regulatory or contractual requirements, the baseline retention for records and other evidence created in provision of our services is 8 years.
For Business Contacts
Personal Data will be retained on the Lishmans CRM as long as is necessary for the purposes set out in the Use of Personal Data section (e.g. for as long as we have, or need to keep a record of, a relationship with a business contact).