1.1 Our business consists of the provision of legal advice and assistance and technology-related solutions to businesses. We occasionally advise people in their personal capacity, but in the vast majority of cases, we advise clients (who may be individuals) acting in the course of a trade, business or profession We set out below important information about our processing of data relating to living individuals by reference to the purposes for which we do so in the context of that business.
1.2 We have published this policy with the view of engendering your trust in our processes, so that you understand what we do and why, and in order that, if you wish to challenge them, you have information about your rights. This policy is not detailed with respect to all aspects of our processing of personal data because so much depends on the prevailing circumstances. We have given as much information as we can by way of default, and we supplement this where appropriate in our detailed dealings with clients and others.
1.3 In the electronic form of this policy you can navigate to the sections which are of interest to you by clicking on the description of the purpose or the reference to the section.
1.4 The purposes are as follows:
1.4.1 Marketing our services
1.4.2 Accepting a client
1.4.3 Dealing with you as a client
1.4.4 Performing our services to clients which involve processing personal data about others associated with them, such as members of officers, employees, agents and contractors
1.4.5 Dealing with people who are not clients or associated with a client
1.4.6 Keeping records and accounts
1.4.7 Operating our business
1.5 We have included sections describing your rights, our contact information generally and how you can make a complaint.
- MARKETING OUR SERVICES
2.1 The basis on which we process data
2.1.1 Our business thrives because we take pride in it and provide a first-class service, but the market in which we operate is competitive. To that end we have a legitimate interest in marketing our services to existing and potential clients.
2.1.2 The steps we take to attract potential clients bring us directly and indirectly into contact with them so as to communicate information about our services. We are not intrusive and always respect the wishes of individuals once we are aware of them.
2.2 Types of personal data
2.2.1 We process the following classes of personal data in connection with our marketing:
(a) professional contact details, including office address, telephone numbers, and email; and
(b) personal and business interests.
2.2.2 We use this data in order to:
(a) communicate directly with people via telephone, email, SMS text and other forms of electronic communication; and
(b) send people materials about our business, events and publications.
2.3 Categories of individual
We process data on personal contacts of our members of staff, and employees and other representatives of past, current and perspective clients.
2.4 Sources of personal data
2.4.1 The individuals themselves.
2.4.3 Lists of attendees at events which members of staff have also attended.
2.4.4 Users who have registered to use our on-line services.
2.5 Disclosures of personal data
We do not disclose information we hold on third parties for marketing purposes.
2.6 How long we keep personal data
We keep personal data processed for marketing purposes for so long as we believe the person or the organisation they represent may be interested in receiving our services.
- ACCEPTING A CLIENT
3.1 The basis on which we process personal data
Where we are asked to act for a client, there are preliminary steps we may need to take before we enter into a contract with the client. The process of accepting a client has two main parts (where appropriate to the advice we are to provide):
3.1.1 compliance by us with legal obligations to know our clients and to prevent money laundering and terrorism financing; and
3.1.2 obtaining the information we need to open a matter and provide our services.
3.2 Types of personal data
In all cases we collect the following information (where necessary):
3.2.1 name, the name of the organisation (if any) that a person represents, and contact details;
3.2.2 information to confirm the identity of a client, for instance, a copy of a passport, driver’s licence and utility bill.
3.3 Categories of individual
Directors, officers, employees and other representatives of a client and its shareholders.
3.4 Sources of personal data
3.4.1 You personally.
3.4.2 Your colleagues.
3.5 Disclosures of personal data
In the vast majority of cases this process is a formality, and we don’t disclose the information we obtain to anyone else except in the course of providing our services (see section 4 (Dealing with a client)). However, in some situations, we are duty bound to report matters to law enforcement agencies for the prevention and detection of crime, including the police and the National Crime Agency. In certain circumstances we are not permitted to inform a person that we’ve done so or intend to do so.
3.6 How long we keep personal data
We keep all information for as long we need to do so in relation to the client’s instructions, and afterwards in accordance with our policy on record keeping and accounts (see section 7 (Keeping records and accounts)).
- DEALING WITH A CLIENT
4.1 The bases on which we process data
4.1.1 Once a client has entered into a contract with us, we are able to act and carry out our instructions.
4.1.2 We are also under legal obligations to monitor changes in our relationship with a client and its affairs. Therefore, from time to time we must repeat the steps we take when accepting a client, and the same considerations apply in relation to the processing of personal data (please see section 3 (Accepting a client)).
4.2 Types of personal data
The nature of the information we need to provide our services depends on our instructions. Our requirements are reflected in the questions we ask in correspondence and email, or when meeting you or others in person or speaking on the telephone. However, we won’t collect information for which we don’t have a reasonable need in order to carry out your instructions.
4.3 Categories of individual
Directors, officers, employees and other representatives of a client and its shareholders.
4.4 Sources of personal data
We may collect information from you or from third-parties in the course of carrying out our instructions.
4.5 Disclosures of personal data
The reasons we disclose personal information and to whom depends on the legal advice and assistance we’ve been instructed to provide and our legal obligations as solicitors. Where we are unsure whether or not someone is aware of the disclosure to be made, we will inform them beforehand wherever possible. In some situations, we are duty bound to report matters to law enforcement agencies for the prevention and detection of crime, including the police and the National Crime Agency. In certain circumstances we are not permitted to inform a person that we’ve done so or intend to do so.
4.6 How long we keep your personal data
We keep personal data relating to clients only where and for so long as it is necessary to provide our products and services while they are a client and afterwards in accordance with our policy on record keeping (see section 7(Keeping records and accounts)).
- OUR SERVICES AND PROCESSING INFORMATION ABOUT OTHERS
5.1 The basis on which we process personal data
It is in the legitimate interests of our business to process personal data relating to people other than our clients where necessary in order to provide services to our clients.
5.2 Types of personal data
The nature of the information we need to provide legal advice and assistance depends on our instructions. Our requirements are reflected in the questions we ask in correspondence and email, or when meeting people in person or speaking on the telephone. However, we won’t collect information for which we don’t have a reasonable need in order to carry out our instructions.
5.3 Categories of individual
Officers, employees, agents, contractors, and shareholders, and any other third-party relevant to our instructions.
5.4 Sources of personal data
We may collect information from the data subject or from third-parties in the course of carrying out our instructions.
5.5 Disclosures of personal data
We may disclose information to our clients and third-parties in the course of carrying out our instructions.
5.6 How long we keep personal data
We keep personal data only where and for so long as it is necessary to provide our client with our services while they are a client and afterwards in accordance with our policy on record keeping (see section 7 (Keeping records and accounts)).
- DEALING WITH PEOPLE WHO ARE NOT CLIENTS
6.1 The legal basis on which we deal with people who are not clients or associated with a client depends on the circumstances. In all cases we make sure that we have a legitimate reason to do so in connection with our business.
6.2 We communicate and deal with all manner of people in the ordinary course of our business, whether suppliers, regulators, other competent authorities, and others incidentally in connection with our business from time to time. In the course of doing so, having regard to the nature and purpose of those dealings, we will obtain and process personal data. We do not use the data for any purpose other than for which it was given to us.
- KEEPING RECORDS AND ACCOUNTS
7.1 The basis on which we process data
We have a legitimate interest to keep all records relating to our business for our internal and compliance purposes and to deal with queries, complaints or claims which may arise.
7.2 How long we keep your personal data
We keep personal data only where and for so long as it is necessary to provide our services and afterwards for so long as necessary to meet our legal or regulatory obligations or, if longer, in relation to claims which could be made against us. Our normal practice is to keep information for at least six years.
- OPERATING OUR BUSINESS
8.1 Scope of this section
This section is concerned with the systems we use to process personal data and our processing of personal data for internal purposes. It is not concerned with the type of the data, the categories of individual on whom we process data, the classes of the data, the sources and disclosures of the data, nor the period of time which we hold data. For information on those topics, please consult the purpose for which we process the data in the question.
8.2 Operating systems and networks
We process personal data using the following principal systems:
8.2.1 a practice management system, including email, word processing, document management, time recording and invoicing, which is provided by LawWare Ltd; and
8.2.2 our Mattersmith platform is hosted by Mythic Beasts Ltd in a secure private cloud.
- YOUR RIGHTS
You have several rights under data protection law in relation to how we process your information. These are identified below. More information can be obtained from the Information Commissioner’s website at www.https://ico.org.uk
9.1 No charge
We cannot charge for providing you with information when you exercise your rights, except that we may charge a reasonable fee based on our administrative costs to provide you with additional copies where requested in connection with a request to access your data, or where we can demonstrate that your requests are manifestly unfounded or excessive. In the latter case, we may alternatively refuse to act on your request.
9.2 To be informed
You have the right to know what personal data we process and to be provided with access to the information, subject to the need to protect the interests of others as appropriate. If you wish to receive a copy of the personal information we hold on you, you may make a subject access request.
9.3 Request that your personal information be rectified
If your personal data are inaccurate or incomplete, you can require that they are corrected.
You can ask for your information to be deleted or removed if there is not a compelling reason for us to retain it.
9.5 Restrict processing
You can ask to block or suppress the processing of your personal data for certain reasons. This means that we are still permitted to keep your information but only to ensure we don’t use it in the future for those reasons you have restricted.
9.6 Data portability
You are entitled to a copy of your personal data for your own purposes to use across different services. In certain circumstances, you may move, copy or transfer the personal information we hold to another company in a safe and secure way.
9.7 Data breaches
If we are subject to a breach of security which is likely to result in a high risk to individuals about whom we hold data, we must communicate the breach to the individuals concerned without undue delay. In some cases, this may be done by public communications. This right is subject to certain exceptions where measures have been taken to protect the information.
9.8 Objecting and withdrawing consent to processing
9.8.1 You can object to our processing your personal data where it is based on our legitimate interests, in which case we can no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
9.8.2 You can object to our use of personal data relating to you for our direct marketing with a view to attracting you as a client.
9.8.3 Where we process personal data with your consent, you can withdraw it at any time.
- CONTACT INFORMATION AND COMPLAINTS
10.1 If you have any questions about this policy, the personal data we will obtain and process about you, or you wish to complain about our handling of personal data relating to you, please email Andrew Scott at firstname.lastname@example.org
10.2 If we are unable to resolve your compliant to your satisfaction, you could refer the matter to the Information Commissioner’s Office. Here is a link to the website, www.https://ico.org.uk. You may even have a claim in the courts.