The primary reason we use your information is to provide you with legal services and other related purposes, including:
- our legal and regulatory compliance
- updating and managing our client records
- analysis to help us manage our firm
- statutory returns.
In accordance with data protection regulations we rely on the following lawful bases to process your data and personal information:
- our retainer with you
- legitimate interests.
For the purposes of the General Data Protection Regulations 2018/Data Protection Act 2018, we are a “data controller”. We decide how we hold and use personal information about you. Our Data Protection Officer (“DPO”) is Leigh Ecclestone. He can be contacted via the email address firstname.lastname@example.org or by post to 4 Beaconsfield Road, St Albans, Hertfordshire AL1 3RD.
Personal data processed by us may include, but is not limited to, personal details, family details, goods and services, financial details, business details and education and employment details.
Our use of your data is subject to your instructions, data protection law and our duty of confidentiality.
We ensure that we comply with data protection law. This requires that the personal information we hold about you must be:
- used lawfully, fairly and in a transparent way;
- accurate and up to date;
- relevant to the purposes we have told you about and limited only to those purposes;
- collected only for valid purposes which we have clearly explained and not used in any way that is incompatible for those purposes;
- kept only as long as necessary for the purposes we have told you about;
- kept securely.
Please also note that the work we undertake on your behalf may also require us to pass on such information to third parties, for example expert witnesses and other professional advisers, including sometimes advisers appointed by another party to your matter.
We may also give such information to others who perform services for us, such as typing or photocopying.
The data may also be shared with family, associates or representatives, current, past or prospective employers, healthcare professionals, social and welfare organisations, business associates, trade associations, professional bodies, suppliers and service providers, regulatory authorities, complainants, financial organisations, debt collection and tracing agents, credit reference agencies and courts and tribunals.
We may also be audited or checked by our accountants or our regulator.
We do not normally copy such information to anyone outside the European Economic Area, however we may do so when the particular circumstances of your case require. All such third parties are required to maintain confidentiality in relation to your files.
The personal data you provide will be retained in accordance with our file retention periods. Please see our Terms of Business.
Under data protection legislation you have a right of access to your personal data held by us. We seek to keep that personal data up to date and correct. You should therefore let us know if you believe the information we hold about you needs to be corrected or updated. In addition, you also have the following rights:
- to request from us access to and erasure of your personal data or to restrict processing of your data or to object to processing;
- the right to data portability;
- the right to withdraw consent at any time to your file being audited by external third parties;
- the right to lodge a complaint with the Information Commissioner’s Office – ico.org.uk.
Provision of your personal data is a contractual requirement, as this is necessary to enable us to provide legal services to you. In the event that you refuse to provide such data, as required, this may impact upon our ability to act for you or we may be prevented from complying with our legal obligations, for example our anti money laundering obligations.
Updated June 2019