We understand how important protecting your personal and sensitive data is, so We want to tell you about the basis upon which We will gather and process your personal and sensitive data so that you are reassured that it is being properly processed and protected.
OUR LEGAL OBLIGATION WHEN PROCESSING YOUR PERSONAL AND SENSITIVE DATA
When processing your personal data (and the personal data of others), We must abide by the data protection principles:
- We must process your personal data lawfully, fairly and in a transparent manner;
- Your personal data must only be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
- Your personal data must be adequate, relevant and limited to that which is necessary in relation to the purposes for which it is processed;
- We must ensure the personal data We store is accurate, and up to date. We must also take every reasonable step to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- Your personal data must be kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data is processed;
- Your personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
These obligations also apply to the personal data of the individual(s) about whom the enquiry relates.
THE TYPE OF INFORMATION THAT WE COLLECT
We process your personal information to meet Our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you or process your information in any way, other than as specified in this policy.
In order to provide Our Services, We may collect information about you, and information about the individual about whom your enquiry relates, which includes: –
- Date of Birth and age;
- Home Address;
- Personal Email;
- Business Email;
- Home Telephone Number;
- Mobile Telephone Number;
- National Insurance Number;
- Passport Number;
- Driving License Number;
- Where appropriate and if your case requires, Special Category Data (i.e. health/medical information, details about religion, sexuality, trade union membership etc.);
- Professional qualifications;
- Personnel file including documents such as records about work attendance, performance, disciplinary, grievance, sickness records and appraisals,
- Text messages, phone records;
- Photos and CCTV images or videos;
- Financial details such as payslips, bank statements, credit cards, expenses and receipts;
We collect the information above in the following ways: –
- Via any online third-party platform such as Facebook, LinkedIn, Twitter, The Law Society, My Legal Adviser ;
- Via Our website enquiry form;
- Website orders;
- Verbal instruction by telephone or in person;
- On receipt of documentation from you;
HOW WE USE YOUR PERSONAL DATA
We set out below the purpose and reasons for processing and sharing your personal data :-
- We collect and use your personal data in the performance of a contract or to provide a service and to ensure that orders are completed and can be sent out to your preferred address;
- We collect and use your personal data in order to check and update client records to ensure accuracy;
- We collect and use your personal data to help Us manage Our practice;
- We collect, store and use your personal data as part of Our legal obligation for business accounting, credit control and tax purposes;
- Should you not pay We have a legitimate interest to share your personal data with Thomas Higgins Solicitors who are a firm providing services recovering unpaid invoices;
- We will collect, store and use your data for legal and regulatory compliance requirements;
- We will occasionally send you marketing information where We have assessed that it is beneficial to you as a customer and in Our interests. Such information will be non-intrusive and is processed on the grounds of legitimate interest.
The normal justification for Us processing your data will be to enable Us to perform Our contract with you. Our use of that information is subject to your instructions, the law and the duty of confidentiality We owe to clients.
THE LAWFUL BASIS FOR SHARING AND DISCLOSING YOUR PERSONAL INFORMATION
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this policy or where there is a legal requirement.
We set out below the lawful basis upon which We will share and disclose your data :
FOR PERFORMANCE OF OUR CONTRACT WITH YOU
The normal justification for Us processing or sharing your data will be to enable Us to perform Our contract with you. Our use of that information is subject to your instructions, the law and the duty of confidentiality We owe to clients.
In order to allow Us to perform Our contract with you We may need to share and disclose your personal data to the following third parties :
- Anyone you expressly authorise Us to deal with on your behalf;
- Your employee or former employee’s HR or legal representative;
- Your employee’s or former employee’s Trade Union or Trade Union representative, if any
- The Employment Tribunal;
- Witnesses or prospective witnesses;
- Third-party funding providers and their legal underwriters or appointed costs draftsman instructed to assess your file and Our costs;
- Barristers (and those working in chambers supporting the barrister) as appointed by Us to provide representation or advice in relation to the matter;
- Your employee’s or former employee’s Occupational health providers;
- Your employee’s or former employee’s GP;
- An independent medical expert or other expert witness;
- Pension providers or pension experts;
- An organisation which referred you to Us under a formal referral agreement;
- An organisation to which We have referred you to under a referral agreement.
FOR COMPLIANCE WITH LEGAL OBLIGATION
- An organisation who referred you to Us under a formal referral agreement
- An organisation to whom We have referred you to under a referral agreement
- Compliance with Court or Employment Tribunal directions;
- In the event of a claim, We will need to send your personal details (copy file) to Our PII provider.
FOR OUR LEGITIMATE INTERESTS
We occasionally process your personal information under the “legitimate interests” legal basis. Where this is the case, We have weighed your interests and any risk posed to you against Our own interests; ensuring that they are proportionate and appropriate. Our legitimate interests are set out below:
- When preparing for and auditing Our accounts under the Solicitors Regulation Authority’s Accounts Rules, We can share your data with the SRA and professional advisers including but not limited to auditors and Our accountants;
- When obtaining quotes for insurance or other financial products required for the safe running of the business, We can share and disclose your personal details to auditors, insurance brokers or other insurance providers and financial advisers;
- We may share your personal data with a third-party organisation where they referred you to Us under a formal referral agreement;
- We may share your personal data with a third-party organisation where We have referred you to them under a referral agreement;
- When dealing with invoicing, credit control, debt collection or enforcement of court order, We are entitled to disclose data to Our chosen representatives or agents, (currently JB Accounts and Bookkeeping Limited and Thomas Higgins) for the purpose of chasing unpaid invoices and debt collection activity which can include but is not limited to pursuing legal proceedings against you.
All of these are obliged to keep all such information confidential.
FOR BUSINESS FUNCTIONS
- Our legal compliance: Beacon Legal Management
- IT services: Contact us for a full list
- IT & communication system: Contact us for a full list
- Bookkeeping & invoicing: J B Accounts & Bookkeeping
- Credit control: J B Accounts & Bookkeeping
- Debt recovery: Thomas Higgins
- Our accountants: Michael Dufty Partnership
- Our banking facilities: Handelsbanken, Elavon and SagePay
- Confidential shredding: ShredPro
- PII provider: Lloyds
- Professional body: Solicitors Regulation Authority, The Law Society, The Legal Ombudsman
Sharing personal data to these third-parties fall within Our legitimate interests required for the proper and efficient running of Our business.
PROCESSING, SHARING AND DISCLOSING SPECIAL CATEGORIES DATA
Owing to the services We offer We sometimes need to process or disclose sensitive personal information about any individuals you require advice about. This can include the following:
- Political opinions
- Religious of philosophical beliefs
- Medical and health information
- Trade union membership
- Details of your sexual orientation or sex life
- Details of your racial or ethnic origin
We will only collect such data if it is necessary for the work We are doing for you. If We need to collect, process and disclose such information We may ask you to consent to Us processing that data or alternatively advise you of the legal basis for processing this data. You have the right to refuse but if you do We may not be able to act for you.
Where We process personal data and sensitive personal data on behalf of your employees (or other individuals about whom your enquiry relates) you are responsible for ensuring that you have the appropriate legal basis to process their information. We will ensure that any personal data of those individuals is processed in a way which is compliant with GDPR and the relevant data protection legislation.
If We are ordered by a court to disclose documents or information, some or all may be subject to legal professional privilege. If this is so, We will advise you of the opportunity to waive privilege. If you decide not to do so and this is challenged, We will be entitled to payment by you for the work We do and expenses We incur in seeking to preserve privilege on your behalf.
We want to make sure you are aware of your rights under data protection legislation. In order to be as helpful as possible, We have listed your rights below:
- You have a right of access to the personal data that We hold about you including the right to ask Us to provide a copy of any of it;
- You have the right to ask for your personal data to be destroyed. Please note, this is not an automatic right to have it destroyed just a right to request your data be destroyed;
- You have the right to object to the processing of your personal data;
- You have the right to withdraw your consent for the processing of personal data you have previously consented to;
- You have the right to complain to the Information Commissioner.
If We receive a request from you to exercise any of the above rights, We may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including technical measures and organisational policies and procedures.
TRANSFERS OF DATA OUTSIDE THE EU
Personal data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your personal data. The Company Solicitor Limited does not transfer or store any personal data outside the EU.
HOW LONG WE KEEP YOUR DATA
We only ever retain personal information for as long as is necessary and We have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed. Please note, where you have consented to Us using your details for direct marketing, We will keep such data until you notify Us otherwise and/or withdraw your consent.
DETAILS YOU MAY NEED
We are registered on the Information Commissioner’s Office Register; registration number ZA152749, and act as the data controller when processing your data. Our designated Data Protection Manager is Helen Moore who can be contacted at the above-mentioned address, by email at email@example.com or by telephone on 01905 932322.
MAKING A COMPLAINT
If you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with Our Data Protection Manager using the details set out above or, should you prefer, with the Information Commissioner’s Office – www.ico.org.uk or 0303 123 1113.