Privacy Policy of Sterling Corporate Law Office

1. Introduction Sterling Corporate Law Office ("we", "us", "our") is committed to protecting the privacy and personal data of our clients, prospective clients, business partners, and website visitors. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in connection with our expert legal services in England, including but not limited to legal services in corporate law, family law, immigration law, company registration, legal representation, contracts, taxes, real estate, inheritance disputes, and legal audits.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and all other applicable data protection laws in England.

By engaging our law firm, using our website, or otherwise providing your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller Sterling Corporate Law Office is the data controller responsible for your personal data. This means we determine the purposes and means of processing your personal data in the context of our legal services.

3. Personal Data We Collect We may collect and process various categories of personal data, including:

3.1 Identification and contact data

• Full name, title
• Address
• Email address
• Telephone number(s)
• Date of birth
• Nationality
• Identification documents (e.g., passport, ID card, driver’s licence)

3.2 Professional and business information

• Job title, role, and employer
• Company registration details and corporate records
• Shareholding and directorship information

3.3 Case-related information

• Information you provide in connection with legal advice or legal representation
• Documents relating to contracts, corporate law matters, family law issues, immigration law matters, tax matters, real estate transactions, inheritance disputes, and legal audits
• Information about counterparties, witnesses, and other persons involved in your matter

3.4 Financial information

• Bank account details (where required for payment or client account purposes)
• Invoices, payment history, and billing information
• Information required for anti-money-laundering (AML) and know-your-customer (KYC) checks

3.5 Special category data Where necessary for a legal matter, we may process special category data, such as:

• Data concerning health
• Data revealing racial or ethnic origin
• Data relating to religious or philosophical beliefs
• Data relating to criminal convictions or offences (where legally permitted) We only process such data where it is necessary for the establishment, exercise, or defence of legal claims, for reasons of substantial public interest, or otherwise permitted by law.

3.6 Technical and usage data (online) When you visit our website or communicate with us electronically, we may collect:

• IP address
• Browser type and version
• Device identifiers
• Usage data (pages visited, time and date of visit, referring website)
• Cookie and similar technology data (where applicable; see Section 10 below)

4. How We Collect Personal Data We collect personal data in the following ways:

   • Directly from you (in person, by telephone, email, post, or via our website forms)
   • From publicly available sources (e.g., Companies House, Land Registry, professional registers, public court records)
   • From counterparties, other law firms, advisors, and experts involved in your matter
   • From regulatory and governmental authorities, courts, and tribunals
   • From our service providers (e.g., due diligence providers, credit reference agencies, AML/KYC providers)

5. Legal Bases for Processing We process personal data under one or more of the following legal bases:

   • Performance of a contract: where processing is necessary to enter into or perform a contract for legal services with you.
   • Legal obligations: where processing is necessary to comply with our legal and regulatory obligations (e.g., AML, tax, record-keeping, regulatory requirements).
   • Legitimate interests: where processing is necessary for our legitimate interests or those of a third party, and your interests and fundamental rights do not override those interests (e.g., managing our practice, compliance, risk management, business development, defending legal claims).
   • Consent: where you have given clear consent to the processing for specific purposes. You may withdraw your consent at any time (see Section 11), without affecting the lawfulness of processing based on consent before its withdrawal.
   • Establishment, exercise, or defence of legal claims: particularly concerning special category data or criminal offence data, where allowed by applicable law.

6. Purposes of Processing Personal Data We use your personal data for the following purposes:

6.1 Provision of legal services

• Advising on corporate law, family law, immigration law, real estate, taxes, contracts, and inheritance disputes
• Providing legal representation in negotiations, mediations, tribunals, and courts
• Preparing and reviewing contracts, corporate documents, and other legal instruments
• Conducting legal audits and due diligence

6.2 Client onboarding and compliance

• Verifying identity and conducting AML/KYC checks
• Assessing conflicts of interest
• Performing background checks where lawful
• Managing client engagement letters and terms of business

6.3 Practice and case management

• Managing client files and matters
• Communicating with you and relevant parties
• Document management and archiving
• Time recording, billing, invoicing, and payment processing

6.4 Business operations and security

• Managing and improving our website, IT systems, and communications
• Ensuring network and information security
• Preventing, detecting, and investigating fraud or other unlawful activities
• Maintaining internal records, accounts, and compliance documentation

6.5 Marketing and business development

• Sending information about our legal services, updates, events, or legal developments that may be relevant to you (where permitted by law)
• Managing our contact lists and communication preferences You may opt out of marketing communications at any time (see Section 11).

7. Disclosure of Personal Data We may share your personal data with the following categories of recipients, only to the extent necessary and in accordance with applicable law:

• Other law firms, barristers, solicitors, and legal professionals involved in your matter
• Courts, tribunals, regulators, and governmental authorities in England or other jurisdictions where required
• Accountants, tax advisors, corporate service providers, real estate agents, and other professional advisors
• Expert witnesses, translators, and other third-party experts
• Banks, financial institutions, insurers, and insurance intermediaries
• Service providers who support our business operations (e.g., IT providers, cloud hosting providers, document management systems, email and communications providers, AML/KYC service providers)
• Third parties to whom we may choose to sell, transfer, or merge parts of our practice or our assets, or with whom we may seek to merge or form an alliance, provided adequate confidentiality and data protection safeguards are in place

We require all third parties who process personal data on our behalf to respect the security of your data and to treat it in accordance with the law, and we enter into appropriate data processing agreements where required.

8. International Transfers In the course of providing legal services, your personal data may be transferred outside the United Kingdom or the European Economic Area (EEA), for example where a cross-border legal matter involves foreign courts, authorities, counterparties, or service providers.

Where we transfer personal data internationally, we will ensure that an adequate level of protection is provided in accordance with applicable data protection law. This may include:

• Transfers to countries that have been recognised as providing an adequate level of data protection; or
• Use of appropriate safeguards such as standard contractual clauses approved by the UK authorities; or
• Other mechanisms permitted under the UK GDPR.

You may contact us for further information on the specific safeguards in place for international transfers of your personal data.

9. Data Retention We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of:
   • Providing legal services and ongoing client relationship management
   • Satisfying any legal, regulatory, accounting, or reporting requirements
   • Establishing, exercising, or defending legal claims

As a law firm, we are subject to statutory and regulatory retention obligations that may require us to keep client and matter files for a number of years after a matter has concluded. Retention periods may vary depending on the type of matter and applicable legal obligations.

When personal data is no longer required, we will securely delete or anonymise it, unless we are legally required to retain it for a longer period.

10. Cookies and Similar Technologies Our website may use cookies and similar technologies to enhance user experience, analyse website traffic, and support the provision of our legal services online.

Cookies are small text files placed on your device by websites that you visit. Depending on their type, cookies may be necessary for the functioning of the website or used for analytics or preference storage.

Where required by law, we will request your consent before placing non-essential cookies on your device. You can manage your cookie preferences through your browser settings and, where available, through our cookie banner or settings tool.

Disabling or rejecting certain cookies may affect the functionality and performance of our website.

11. Your Rights Under Data Protection Law Subject to certain conditions and exceptions under the UK GDPR and other applicable law, you have the following rights in relation to your personal data:

• Right of access: to obtain confirmation as to whether we process your personal data and to receive a copy of such data.
• Right to rectification: to have inaccurate or incomplete personal data corrected.
• Right to erasure: to request deletion of your personal data where there is no lawful basis for us to continue processing it.
• Right to restriction: to request that we restrict the processing of your personal data in certain circumstances.
• Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible and lawful.
• Right to object: to object at any time to processing based on our legitimate interests, and to object to direct marketing.
• Right to withdraw consent: where processing is based on your consent, you may withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal.

If you wish to exercise any of these rights, please contact us using the contact details provided on our website or in our client care letters. We may need to verify your identity before acting on your request.

12. Security of Your Personal Data We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, disclosure, or destruction. These measures may include:
    • Access controls, authentication, and authorisation procedures
    • Encryption and secure transmission of data where appropriate
    • Regular monitoring and testing of our IT systems and security controls
    • Staff training on confidentiality, data protection, and information security

Despite our efforts, no system can be guaranteed to be completely secure. However, we are committed to responding promptly and appropriately to any suspected data security incident.

13. Children’s Data Our legal services are generally not directed at children. However, in certain matters (for example, family law or immigration law cases), we may need to process personal data relating to children when it is necessary for the provision of legal advice or legal representation, and when permitted by applicable law. Such data will be handled with particular care and subject to appropriate safeguards.

14. Third-Party Websites Our website may contain links to third-party websites or services that are not operated or controlled by Sterling Corporate Law Office. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our services. The updated version will be posted on our website, indicating the date of the last revision. We encourage you to review this policy periodically to stay informed about how we handle personal data.

16. Contact and Complaints If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact us using the contact details available on our website.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) or another competent supervisory authority if you believe that your data protection rights have been infringed. However, we encourage you to contact us first so we can try to resolve your concerns directly.

By engaging Sterling Corporate Law Office for legal services or by using our website, you acknowledge that you have been informed of our data protection practices as set out in this Privacy Policy.