GDPR 25th May 2018
For the purposes of the General Data Protection Regulations (GDPR) we will be a ‘data controller’ and ‘data processor’ in respect of any personal information and data we hold about you. This policy is intended to set out our standards of confidentiality when we collect, use and disclose to others any such personal information while providing you with guidance, representation and other services. We have appointed a Data Protection Officer (DPO). If you have any problems or complaints relating to this policy, please contact our DPO at 71-75 Shelton Street, London WC2H 9JQ or call him on +44 (0) 7497 506162 or email him at [email protected].
If you remain dissatisfied, you may lodge a complaint with the Information Commissioner’s Office (ico.org.uk). This policy is subject to change from time to time.
Who
This policy applies to everyone from whom we collect and process personal information including, but not limited to, our clients, our referrers of work, barristers and expert witnesses/consultants we employ, other solicitors and their clients or people acting in person, the courts or tribunals, mediators, our regulators, insurance companies, cost draftsmen/lawyers, accountants, auditors and, in addition, the employees of all such entities.
What
We are a multi-service consultancy firm and it would not be possible to list every type of personal information we gather during our business relationships and which is necessary for us to deliver our services. Some of the categories of data we collect include, but are not limited to, contact data (addresses, email addresses, telephone numbers), identity data (names, marital status, date of birth, gender, NI number, family relationships, employment status, job title), financial data (bank accounts, credit and debit card details, business accounts, salary), transaction data (retainers, contracts, deeds and documents, evidence, photographs, diary entries, email records), medical data (records, reports).
Where
The data we receive comes from many sources including, but not limited to, our direct interactions with our clients, contacts and introducers. It is kept digitally within the e-filing system, practice and case management systems, Word, Excel, Outlook and other document management systems, audit records, sub-contractor registers, management records, complaints and claims registers. We may transfer data out of the EU where there was an international legal transaction or court action requiring that transfer.
How
We use personal data to the extent we are lawfully allowed to including, but not limited to, contractual obligations with clients and third parties (providing advice and services, billing, internal registers and records), where it is in our legitimate interest (or those of a third party) to do so (allowing access to our files for audit by regulators, quality assurance, accountants, business partners, or prospective associates, conducting satisfaction surveys), where we need to comply with a legal or regulatory obligation (such as the Financial Ombudsman, or under our anti-money laundering obligations), or, rarely, where we have received consent to use that data. Where we process special categories of personal data it will be in respect of your application only and will be done under Article 9(2), although not limited to these exceptions, with your explicit consent, or where it is necessary for the establishment on your behalf. This might be done by mail, email, telephone, fax or other communication media.
With whom
We only share personal information where we are reasonably certain that the data will be protected. The categories of people and organisations that we might share data with include, but are not limited to, internal third parties (consultants, contractors, agents, lawyers and employees from other offices, or companies within a Group of companies), external third parties (barristers, experts, outsourced IT and other service providers, professional advisers, regulators and other UK authorities, fraud prevention agencies, satisfaction survey companies), external businesses (negotiate for sale, transfer or merger of all or part of our business).
Security
We are committed to data security and have put in place reasonable physical, electronic and managerial security measures to protect personal data we hold and prevent it being lost, stolen, or used in unauthorised ways. We have procedures to deal with any data breaches and will notify you and our regulator where we are legally required to do so.
How long
We will hold personal data, whether in electronic or paper form, for as long as necessary to fulfil the purposes we collected it for but for a minimum of 7 years after it was collected.
Legal rights
We recognise the rights of individuals under the data protection laws where we process their data. They may request a copy of the data we hold, object to our processing of the personal data or request restriction of our processing of the data, request correction of data, request erasure or transfer of the personal data, and withdraw consent to processing. You should not have to pay a fee to exercise any of these rights unless the request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.
We try to respond to all legitimate requests within one month.