We are registered with the Information Commissioners Office (ICO) registration number ZA192231. We are a data controller and are bound by the requirements of the data protection legislation in force in the United Kingdom.
This notice sets out how we process your personal data and the lawful reasons why we process it.
What information do we collect about you?
At the point of making your initial enquiry with us, through to the conclusion of any case where we act on your behalf, we will obtain information about you from yourself and others, and also generate information about you. This includes but is not limited to:
- Personal data including name, address (including historic addresses when you move we are acting on your behalf), NI number, marital history.
- Proof of ID which includes copies of passport, driving licence, utility bills, results of an online identity check.
- Financial information including bank details, tax information, pensions, benefits, mortgage and loan liabilities.
- Details of your employment history including salary, role, working hours, promotion, future prospects, attendance, absence due to sickness, parental leave and responsibilities, compassionate leave.
- Details of qualifications.
- Details about your family/friends when you have disclosed this to us.
- Activities outside work that you have disclosed to us.
- Special categories of data including details of your medical history, including reports on this requested by us on your behalf.
- Details of any criminal record where disclosed by you or where we are informed by others.
- Information that falls under the protected characteristics defined in equality legislation eg sexual orientation, religion, when disclosed by you.
How we use the information you provide and who we share it with
We use the information you provide to enable us to honour our contract with you and to satisfy our legal obligations as a law firm, and where we have a legitimate interest in doing so.
Necessary performance of a contract – all of the information you provide to us is processed as part of your contract with us. This information is shared with those who have need of it within the firm including those working on your case, accounts, and administration. We only request access to and process that data which is necessary for us to act on your behalf. We will share this information with others outside the firm, who are instructed on your behalf. This includes barristers, experts, law costs draftspersons. We will also share it with the other side and the Court. We are required to share limited information with any insurance provider that is supplying insurance against the costs of your case.
Legal obligation – We may be required by law to share your personal data with other organisations including statutory returns, crime prevention, legal and regulatory compliance.
Anti money laundering legislation requires us to obtain proof of ID and in some circumstances the source of any funds.
Where you have disclosed to us any special characteristics, we will not disclose this unless we have a legal obligation to do so, but we will use it to ensure that you are not discriminated against unfairly. We do not actively collect sensitive personal data in relation to monitoring of equal opportunities.
Legitimate interest – we have a legitimate interest in collecting some of the data about you. We use this information for analysis for management purposes, enhancing and updating our client records. We may also share your information with our professional indemnity insurance provider, in the event that there is an issue with your case and where a claim for damages could be made against us.
We may send you information on the services we provide as a company. We have a legitimate interest in promoting our own company. However, you have the option to choose not to receive this information.
We do not share your personal information with 3rd parties for marketing purposes.
We outsource some of our data processing functions. In those circumstances we ensure that the 3rd party agrees to keep your data secure and is bound by law or agreement to suitable standards of data protection. We have written agreements in place to ensure that the data processor is compliant with the UK data protection regulations. Wherever possible we do not transfer data outside the EU, unless it is required as part of your case. In the event that we process data on systems held outside the EU we will ensure that there is a written contract in place to ensure compliance with the UK data protection regulations.
How we store information about you
We retain the original copy of any fee agreements, any documents provided by you or a 3rd party as part of your case such as medical records, payslips. These are kept in a secure area. Those we do not return to you during your case, will be retained for its duration. At the end of your case they will either be returned to you or securely destroyed.
All of the information we keep about you is stored electronically, including electronic copies of paper documents. This is kept in our cloud environment, where access is limited to defined individuals.
How long do we keep your data
We will retain your personal data for a minimum of 7 years after the conclusion of your case. We will notify you again of this at the conclusion of your case. If we will retain your information for longer, for example where we are acting on behalf of a child, then we will notify you of this at the conclusion of your case.
- You have the right to withdraw your consent for us to process your personal data. This cannot be given retrospectively. However, in withdrawing your consent you may also be ending your instruction to us and you should be aware of the implications of this.
- You have the right to request that any errors in the personal data we hold for you are corrected. We rely on you to keep us informed of any changes to your personal data such as address, bank details, name.
- You have the right to request that the personal data we hold about you is erased (the right to be forgotten).
- You have the right to ask us to restrict our processing of your personal data.
- You have the right to request electronic copies of the data that you have provided to us.
- You have the right to object to us using your personal data for marketing purposes. We do not sell or share your personal data with any third parties who will use it for marketing purposes.
- You have the right to complain to the ICO if you consider that our processing of your personal data breaches the data protection regulations that are in force at that time.
If you wish to exercise any of your rights, then please contact our Data Protection Compliance Officer either by email to firstname.lastname@example.org or by telephoning 0161 615 5554. We will not refuse to act if you exercise any of your rights listed above, except when we are not in a position to identify you within the data.
We do not accept responsibility for breach of confidentiality due to a fault or omission by you, or due to the result of any action by a 3rd party, or if the information enters the public domain by another route. If we are aware that your confidentiality has been breached either by ourselves or a 3rd party, we will advise you on what action you can take and the action taken by ourselves, which may include self reporting to the ICO.