Privacy policy and cookies

1. Introduction

1.1 Retail Leasing Ltd (“we”, “us”, “our”) is committed to respecting and safeguarding your privacy. This privacy policy (“Privacy Policy”) sets out the ways in which we collect and use your personal data (your personal information). It also explains what rights you have to access or change your personal data.

1.2 This Privacy Policy does not apply in respect of our processing of personal data in connection with our client engagements. For information regarding the processing of personal data by us in connection with our client engagements, please see our Client Privacy Notice in Section 13 below.  

1.3 Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 18. If you are under the age of 18, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 18.

2. About us

2.1 We are a limited company registered in England and Wales under number 15331591, with our registered address as set out below.

2.2 You can contact us as follows:

FAO: Juliet Levy

Address: Retail Leasing Ltd
5 Hartsbourne Close
Bushey Heath Hertfordshire WD23 1SA

Email: juliet@retailleasing.co.uk

This Privacy Policy was updated on 1 April 2024.

3. Overview

Please see the relevant heading below for more information on each of these areas:

4. How we collect your information

We will collect any information that you provide to us when you:

4.1.1 make an enquiry, provide feedback, or make a complaint over the phone, by email, or via our website;

4.1.2 submit correspondence to us by post, email, or via our website;

4.1.3 submit answers to  surveys, questionnaires and feedback forms to us in person, by post, email  or via our website;

4.1.4 subscribe to our newsletters, articles, bulletins, and other mailing lists;

4.1.5 register to and/or attend our events;

4.1.6 network with us (e.g. at law fairs, client events and/or other meetings or events either hosted or attended by us);

4.1.7 submit a CV and/or an application to a job vacancy; and

4.1.8 attend an interview or assessment.

4.2 We also capture visual data through CCTV in our office premises.

4.3 In certain circumstances, we will receive information about you from third parties. For example:

4.3.1 Employers, recruitment agencies and referees: if you are a job applicant we will contact your recruiter, current and former employers and/or referees to provide information about you and your application;

4.3.2 Service providers: we may collect personal information from our third party service providers, such as our email cloud service provider, email verification service provider, as well as financial crime compliance and KYC solutions provider;

4.3.3 Website security: we will collect information from our website security service partners about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful; and

4.3.4 Publicly available sources: we use publicly available sources such as Companies House, for instance to carry out identity and compliance checks.

4.4 We also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.

 

5. What information we collect and process about you

5.1 The information we collect and process about you will include (depending on the circumstances):

(a) Identity: title, names, the company you work for, your title or position and your relationship to a person;

(b) Contact data: addresses, email addresses, and phone numbers;

(c) Identification and background information: information provided by you as part of our business acceptance processes, including your passport details or other personal identification documents;

(d) Information contained in correspondence: information contained in any correspondence between us. For example, if you contact us using a query button on our website or by email or telephone, we will keep a record of that correspondence;

(e) Information contained in survey, questionnaire and feedback forms: for example, if you complete a feedback form after attending one of our events, send us an email, or complete a survey or questionnaire online or participate in a survey sent in an email by us, we will keep a record of the information provided by you;

(f) Employment and background data: if you are submitting a job application, you may also provide additional information about your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the UK, your national security number, your passport or other identity document details, and any other such similar information that you may provide to us;

(g) Website usage and other technical data: information about your interactions with the website and the device that you use to access our website, including information such as IP addresses, geographical location, your device information (such as your hardware model, mobile network information, unique device identifiers). This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies please read paragraph 8 below; and

(h) Sensitive information: if you are submitting a job application, you may provide information about your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability.

 

6. How we use information about you

6.1 We will use your information for the purposes listed below either on the basis of:

6.1.1 your consent (where we request it);

6.1.2 where we need to comply with a legal or regulatory obligation; or

6.1.3 our legitimate interests.

6.2 We use your information for the following purposes:

6.2.1 To provide our services: to provide our services, or otherwise take steps as set out in our website, Terms Of Engagement (on the basis of performing our contract with you, or otherwise on the basis of our legitimate interest to conduct our business);

6.2.2 To respond to enquiries: to respond to any enquires you make over the phone, by email, or via our website, in particular when you make inquiries about the provision of our legal services to you (on the basis of your consent, on the basis of our legitimate interest to respond to inquiries from prospective clients and to operate a lawful business, or otherwise to comply with our legal obligations);

6.2.3 To provide access to our website: to provide access to our website in a manner convenient and optimal (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);

6.2.4 Relationship management: to manage our relationship with you, including by maintaining our database of contacts, notifying you about changes to our, terms of use, and/or privacy policy (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used);

6.2.5 User and customer support: to provide customer service and support in relation to your use of our website (on the basis of our contract with you or on the basis of our legitimate interests to provide you with customer service), and to deal with enquiries or complaints about the website (on the basis of our legitimate interest in providing the correct services to our website users and to comply with our legal obligations);

6.2.6 Recruitment: to process any job applications you submit to us, whether directly or via an agent or recruiter (on the basis of our legitimate interest to recruit new employees or contractors);

6.2.7 Marketing: to keep in contact with you about our news, events, new website features, and services that we believe may interest you, provided that we have the requisite permission to do so (either on the basis of your consent where we have requested it, or our legitimate interests to provide you with marketing communications where we may lawfully do so);

6.2.8 Analytics: to use data analytics to optimising the use of our website, to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you, developing our business, and informing our marketing strategy);

6.2.9 Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to detect and prevent fraud and to operate a safe and lawful business or where we have a legal obligation to do so); and

6.2.10 Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

6.3 Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation).

 

7. Who we share your information with

7.1 In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:

7.1.1 Our service providers: Service providers we work with to deliver our business, such as IT, system administration and security services based in the EU, identity verification, fraud prevention and detection services and recruitment service providers.

7.1.2 Regulators and governmental bodies: HM Revenue & Customs, the Solicitors Regulation Authority, governmental bodies and other authorities who require reporting of processing activities in certain circumstances;

7.1.3 Marketing parties: any selected third party that you consent to our sharing your information with for marketing purposes;

7.1.4 Prospective buyers of our business: any prospective buyer of our business or assets, only in the event that we decide to sell our business or assets; and

7.1.5 Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property, or safety of our employees, or where such disclosure may be permitted or required by law.

7.2 We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.

 

8. Cookies and similar technologies and third-party links

8.1 We use cookies and similar technologies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the website.

8.2 If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.

8.3 Our website may contain content and links to other third-party websites, plug-ins and applications that are operated by third parties that may also use cookies and similar technologies. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We don’t control these third party websites or cookies, we are not responsible for their privacy statements, and this Privacy Policy does not apply to them. We encourage you to consult the terms and conditions and privacy policy of the relevant third party website to find out how that website collects and uses your information and to establish whether and for what purpose they use cookies.

 

9. How we look after your information and how long we keep it for

9.1 We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is inherently insecure and although we do our best to protect your personal data, we cannot absolutely guarantee its security.

9.2 We will retain your information for as long as is necessary for the purposes for which it was collected or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights, or where we are required by law to retain such information.

 

10. International transfers of your information

10.1 Your personal data may be transferred to, and stored at, a destination outside the EEA and the UK in countries, which have less strict, or no data protection laws, when compared to those in Europe and/or the UK. It may also be processed by staff or our third party service providers in other non-EEA jurisdictions which also have less strict, or no data protection laws.

10.2 Whenever we transfer your personal data outside of the EEA or the UK, we will take the legally required steps to ensure that adequate safeguards are in place to protect such data and to make sure it is treated securely and in accordance with applicable data protection law. You may contact us for an explanation of the basis on which we have transferred your personal data and, where relevant, to request a copy of the legal safeguards we have put in place.

 

11. Your rights in relation to the information we hold about you

1.1 You have certain rights in respect of the information that we hold about you, including:

11.1.1 the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Policy;

11.1.2 the right to ask us not to process your personal data for marketing purposes;

11.1.3 the right to request access to the information that we hold about you;

11.1.4 the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;

11.1.5 the right to withdraw your consent for our use of your information in reliance of your consent (refer to paragraph 6 above to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Policy;

11.1.6 the right to object to our using your information on the basis of our legitimate interests (refer to paragraph 6 above to see when we are relying on our legitimate interests) (or those of a third party)) and there is something about your particular situation which makes you want to object to processing on this ground;

11.1.7 the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances;

11.1.8 in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and

11.1.9 the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.

11.2 Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications even when you have requested not to receive marketing communications.

11.3 How to exercise your rights

11.3.1 You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Policy and we will comply with your request unless we have a lawful reason not to do so.

11.3.2 Please note that your objection to processing (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use you information about you’). Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights, or meeting our legal and regulatory obligations.

11.3.4 You may request us to cease sending you any marketing information at any time by notifying us in writing using the contact information set out in paragraph 2 above. Each marketing email sent to you will contain an easy, automated way for you to cease receiving marketing emails from us. If you wish to do this, simply follow the instructions at the end of any email.

11.3.5 If you have received unwanted, unsolicited emails sent via this system or purporting to be sent via this system, please forward a copy of that email with your comments to juliet@retailleasing.co.uk for review.

11.4 What we need from you to process your requests

11.4.1 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

12. Changes to this privacy policy and your duty to inform us of changes

12.1 We reserve the right to make changes to this Privacy Policy from time to time. We will post any such changes to our site and, where appropriate, notify you of any material changes by e-mail.

12.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by contacting us via the contact details at the top of this Privacy Policy.

 

13. Client Privacy Notice

Retail Leasing Ltd (“Retail Leasing”, “we”, “us”, “our”) is committed to respecting and safeguarding your privacy. This Privacy Notice sets out the ways in which we process personal data where it is processed by us in connection with our client engagements. It also explains the rights that individuals may have under data protection law in relation to such data. In this Privacy Notice, we refer to this type of information as “Client Data” and it can include personal data from a broad range of individuals, including clients themselves (where the client is an individual), as well as individuals working for or connected with our clients, or individuals who are otherwise related to or involved in the matters on which we are instructed. For the purposes of data protection laws, Retail Leasing Ltd is the data controller in relation to the processing of Client Data as described in this Privacy Notice. For information regarding the processing of other personal data by us, please see our website privacy policy here.

1. WHAT CLIENT DATA DO WE PROCESS

The Client Data we process includes (depending on the circumstances):

  • Business contact details: Such as an individual’s work address, telephone number and email address.

  • Personal contact details: Such as alternative contact details in the event of an important situation arising (e.g. personal mobile number).

  • Identity documentation: Such a passport, driving licence or utility bill.

  • Details of personal circumstance: We may collect this information where an individual seeks our advice or where we need to ascertain the beneficial ownership of an organisation we are engaged to provide advice to. This could include financial data and background information. This could also include third party references (if required) and information required under applicable regulations as part of client due diligence for the purposes of preventing money laundering, terrorist financing or proliferation financing (if applicable).

  • Information about a client’s staff or a client’s third party business associates: Such as who works for our client and who our client does business with, or about other individuals who may be connected with or involved in a matter on which we are advising. This information may be obtained in circumstances where we are acting on a transaction between our client and another organisation/individual, or where we are acting for our client in the course of a dispute.

  • Information to help us perform our services: Such as constitutional documents relating to an organisation, financial statements or other company documentation.

  • Other information: This is information which our clients voluntarily provide in the course of our relationship. For example, where individuals working for a client registers an interest in a particular event we run, or a newsletter we send. Client Data may include special categories of data (such as race or ethnicity, religious beliefs, sexual orientation, health and information regarding disabilities) and/or information about criminal convictions and offences. It is important that you notify us as soon as reasonably practicable if there are any changes to the details we hold for you (such as your residential or business address, as relevant), or any material change in your circumstances which might affect the provision of our services to you.

2. HOW WE COLLECT CLIENT DATA

We collect Client Data that is provided to us in the following ways:

  • As part of our client due diligence and business acceptance processes. 2 of 4

  • When clients and others submit correspondence to us (including by post, email, direct messages, or via our website).

  • When individuals register for and/or attend our events.

  • In the course of providing our legal services.

  • In certain circumstances, we receive Client Data from third parties such as courts, lawyers, accountants, and expert witnesses.

  • Where permitted or required by law, we receive Client Data, including fraud detection information, from third party service providers, financial crime compliance and KYC solutions providers and/or publicly available sources such as Companies House, for instance to carry out identity and compliance checks.

 

3. HOW WE USE CLIENT DATA

We use Client Data for the following purposes:

  • To comply with any client verification obligations and/or any other legislation or regulations applicable to the provision of legal services, and to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud. The processing is undertaken on the basis of our legitimate interests to operate a safe and lawful business and to detect and prevent fraud, or where we have a legal obligation to do so.

  • To provide the legal services requested from us. This processing is undertaken either on the basis of performing our contract with our clients, or on the basis of consent, or where necessary for the establishment, exercise or defence of legal claims or otherwise on the basis of our legitimate interest to conduct our business.

  • To manage our relationship with our clients, including by maintaining our database of clients, notifying clients about changes to our terms of engagement and/or our fees. This processing is undertaken either on the basis of performing our contract with our clients, or to comply with our legal obligations, or on the basis of our legitimate interests to keep our records updated and to conduct our business.

  • To keep clients and others informed of our news, publications, services, seminars, and events. This processing is undertaken either on the basis of consent where we have requested it, or our legitimate interests to provide marketing communications where we may lawfully do so.

  • To manage our internal business processes (such as credit checking and invoicing, and to collect and recover money owed to us). This processing is undertaken on the basis of performing our contract with our clients and on the basis of our legitimate interest to recover debts due and to conduct our business.

  • To enable us to comply with our policies and procedures, to defend any claims, and enforce our legal rights, or to protect the rights, property, or safety of our employees and share Client Data with our advisors. This processing is undertaken on the basis of our legitimate interests to operate a safe and lawful business, where necessary for the establishment, exercise or defence of legal claims, or where we or where we have a legal obligation to do so. Where we process Client Data on the basis of our legitimate interests, we ensure that we take into account any potential impact that such processing may have on the relevant individual/s.

  

4. WHO IS CLIENT DATA SHARED WITH

We share Client Data with our third party service providers where this is necessary in order to provide our services to a client, as well as certain other third parties, as described below. We will only disclose Client Data to our third party service providers and other third parties in the following circumstances:

  • Where it is necessary as part of the work we are doing, for example, where we have engaged an expert in a dispute. 3 of 4

  • When required to do so by law.

  • In response to a legitimate request for assistance by the police or other law enforcement agency.

  • To seek advice from our professional advisers or in connection with a dispute. § In connection with the sale, purchase or merger of our business.

  • Where the third party service provider needs the information to provide the services to us, for example where we have instructed foreign counsel on a client’s behalf, or if a document needs to be translated into a foreign language or where we are utilising a third party tool or service (such as a disclosure platform) in order to provide a service to our client.

 

5. HOW LONG WILL WE RETAIN CLIENT DATA?

We store Client Data for as long as we need it for the purposes set out above. This period will vary depending on clients’ interactions with us. For example, where there is an engagement with us, we will keep Client Data for the period necessary for invoicing, tax and to protect our legal interests and meet our regulatory obligations. We may also keep Client Data as a record of correspondence with a client (for example if a client has made a complaint about our service) for as long as is necessary to protect us from a legal claim. Where we no longer have a need to keep Client Data, we will delete it. In general, we store our client files for 7 years from the date when we close the file. The above retention periods do not apply to the storage of documents (such as title documents, title deeds and other valuable documents) which you specifically ask us to keep in safe custody. In accordance with applicable regulations relating to anti-money laundering, terrorist financing and proliferation financing, we will keep copies of documents, information and supporting records we obtain to satisfy client due diligence requirements, measures and/or ongoing monitoring, for at least 5 years beginning on the date on which we know, or have reasonable grounds to believe, as applicable: (a) that the transaction is complete, for records relating to an occasional transaction, or (b) that the business relationship has come to an end. Following expiry of this retention period, we will delete any personal data obtained in relation to the applicable regulations unless either (a) we are required to retain records containing personal data by law or for the purposes of any court proceedings; (b) the relevant individual has given consent to the retention of that data; or (c) we have reasonable grounds for believing that records containing the personal data need to be retained for the purpose of legal proceedings.

 

6. INTERNATIONAL TRANSFERS OF YOUR INFORMATION

Client Data may be transferred to, and stored at, a destination outside the EEA and the UK in countries, which have less strict, or no data protection laws, when compared to those in Europe and/or the UK. It may also be processed by staff or our third party service providers in other non-EEA jurisdictions which also have less strict, or no data protection laws. Whenever we transfer Client Data outside of the EEA or the UK, we will take the legally required steps to ensure that adequate safeguards are in place to protect Client Data and to make sure it is treated securely and in accordance with applicable data protection law. You may contact us for an explanation of the basis on which we have transferred Client Data and, where relevant, to request a copy of the legal safeguards we have put in place.

 

7. YOUR RIGHTS

You have certain rights in respect of the information we hold about you, including the right to:

  • Request that we correct or rectify any information that we hold about you which is out of date or incorrect. 4 of 4

  • Withdraw your consent for our use of your information where we rely on your consent.

  • Object to our using your information on the basis of our legitimate interests (or those of a third party).

  • Receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances.

  • Ask us to limit or cease processing or erase information we hold about you in some circumstances.

  • Lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) and with the relevant authority in your country of work or residence.

  • You also have the right to request access to any information that we hold about you. If you with to exercise any of the above rights (or if you have any questions regarding this Privacy Notice), you may contact us at: FAO: Juliet Levy Retail Leasing Ltd 5 Hartsbourne Close Bushey Heath Hertfordshire WD23 1SA  Email: juliet@retailleasing.co.uk

You may also ask that we stop sending you marketing communications at any time by notifying us in writing using the same contact information set out above, by contacting the lawyer responsible for your work, or by following the unsubscribe link contained in the marketing emails that we send to you. Any request to exercise one of these rights will be assessed by us on a case by case basis. There may be circumstances in which we are not legally required to comply with a request because of relevant exemptions provided for in applicable data protection legislation.

 

8. UPDATES TO THIS PRIVACY NOTICE

We reserve the right to make changes to this Privacy Notice from time to time. We will post any such changes to our site and, where appropriate, notify you of any material changes by e-mail. This section was last updated on 1 April 2024.

 

Retail Leasing Ltd is authorised and regulated by the Solicitors Regulation Authority Number 8007008. Retail Leasing is the trading name of Retail Leasing Ltd registered in England (Company Number 15331591). Registered office 5 Hartsbourne Close Bushey Heath Hertfordshire W23 1SA