You may have certain rights under Applicable Data Protection Laws if we process your Personal Data, for example the right to:

    1. withdraw consent to processing;
    2. receive certain information about our processing activities;
    3. request access to your Personal Data that we hold (including receiving a copy of your Personal Data – this is commonly called a Data Subject Access Request or DSAR);
    4. prevent our use of your Personal Data for direct marketing purposes;
    5. ask us to erase Personal Data if it is no longer needed by us for the purposes for which we collected or processed it – or ask us to rectify inaccurate data or to complete incomplete data;
    6. restrict our processing of your Personal Data in specific circumstances;
    7. object to processing of your personal data which we undertake on the basis of our legitimate interests or in the public interest;
    8. request a copy of an agreement under which we transfer your Personal Data outside the UK;
    9. object to decisions we make about you, if any, based solely on automated processing of your Personal Data (e.g. profiling);
    10. prevent processing of your Personal Data that is likely to cause damage or distress to the you (if you are the Data Subject) or anyone else;
    11. be notified of a loss of your Personal Data or loss of access to your Personal Data (Personal Data Breach) which is likely to result in high risk to your rights and freedoms;
    12. in limited circumstances, receive or ask for your Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format;
    13. make a complaint to the data authority – in the UK this is the Information Commissioner’s Office (ICO) and in the EU or EEA it is via our Data Protection Representative.

How to exercise your rights. If you would like to exercise any of the rights listed above, please direct your request to dataprotection@stewartslaw.com or in writing to: Data Protection Team, Stewarts Law LLP, 5 New Street Square, London, EC4A 3BF.

What we can ask from you before we consider your request

Your identity for example:

    • First and last name (including any other names you have been known by which may be relevant to your request)Your home address, date of birth and identification
    • which clearly shows the same (such as passport, NI number, or driving licence)
    • Email address

If different, the relevant Data Subject’s identity for example:

    • First and last name (including any other names they have been known by which may be relevant to your request)
    • Their home address, date of birth and identification which clearly shows the same (such as passport, NI number, or driving licence)
    • Email address
    • Proof of your authority to act on the Data Subject’s behalf.

Streamlining your request. Our legal requirement is to carry out a reasonable and proportionate search for your personal data.  You can help us respond to your request effectively by providing us with as much relevant information as you can. For example:

      1. If you have had dealings with Stewarts, the names of individuals you have dealt with at Stewarts, the approximate dates and, if you were a client or otherwise involved in a case, a matter reference if you have it.
      2. We may request further clarification of certain aspects of your request so that we can deal with it under the Applicable Data Protection Laws.
      3. If we think we still need reasonable clarifications from you, we will let you know.

What we can disclose to you. Sometimes we may not be able to give you some or all of the information you request, or satisfy your request in the way that you have asked us to, for reasons permitted or required under Applicable Data Protection Laws. For example, if you make a DSAR we may not disclose information to you about another Data Subject. Or if you ask us to stop processing your Personal Data, we may be required to continue processing if there is a lawful basis for doing so, such as fulfilling contractual obligations. In all such cases, we will address your request properly and any applicable exemptions under the Applicable Data Protection Laws. We will explain to you if and why we think we can’t comply with your request in the way you want us to.

Statutory timelines for our response. We will always aim to respond to your request within the statutory timelines. This is usually one month but can be up to three months for complex requests. If we consider that we need or are entitled to further time to handle your request, we will explain why and aim to provide you with a reasonable estimate of when you can expect our response. The statutory timelines for responding to your request may be paused while we ask for evidence of your identity or reasonable clarification from you – please see above.

If you are not satisfied with our handling of a Data Subject Rights request please refer your concern to our Data Protection Officer at dataprotection@stewartslaw.com.  If you are not satisfied with their response, you can refer to our information regulator, the ICO at https://ico.org.uk