For the purposes of the General Data Protection Regulations (GDPR) we will be a ‘data controller’ and ‘data processor’ in respect of any personal information and data we hold about you. This policy is intended to set out our standards of confidentiality when we collect, use, and disclose to others any such personal information while providing you with legal advice, representation and other services.
We are committed to respecting your privacy. This notice is to explain how we may use personal information we collect before, during and after your relationship with us. This notice explains how we comply with the law on data protection and what your rights are and for the purposes of data protection we will be the controller of any of your personal information.
This policy is subject to change from time to time.
This policy applies to everyone from whom we collect and process personal information but not limited to, our clients, our referrers of work, consultants we may employ, other lawyers and their clients or people acting in person, our regulators, insurance companies, accountants, auditors.
We are a Licenced Conveyancing Firm, specialising in residential conveyancing. It is not possible to list every type of personal information we gather during our business relationships, and which are necessary for us to deliver our services. Some of the categories of data we collect include, but are not limited to, contact data (addresses, email addresses, telephone numbers), Identity data (names, marital status, date of birth, gender, NI number, family relationships, employment status, job title), Financial data (bank accounts, credit and debit card details, business accounts, salary), Transaction data (retainers, contracts, deeds and documents, evidence, photographs, diary entries, emails records).
The data we receive comes from many sources including, but not limited to, our direct interactions with our clients, contacts, introducers.
It is kept in paper files within the filing system, practice and case management systems, Word, Excel, Google Workspace and other document management systems, audit records, sub-contractor registers, management records, complaints and claims registers.
We may transfer data out of the EU where there was an international legal transaction or court action requiring that transfer.
How are we allowed to process your personal data?
Under Data Protection law we are only allowed to process your personal data if we have a proper reason to do so. This includes sharing it outside the Group. The law allows us to process your data for one or more of the following reasons: -
* to fulfil a contract, we have with you
* when it is our legal duty
* when it is in our legitimate interest
* when you consent to it
A legitimate interest is when we have a business or commercial reason to use your information. This reason must not unfairly go against what is right and best for you.
Our table below shows the ways we may use your personal information and why.
This policy is subject to change from time to time.
How we use your personal information
Why we use your personal information
Where we process special categories of personal data it will be in respect of your transaction only and will be done under Article 9 (2), although not limited to these exceptions, with your explicit consent, or where it is necessary for the establishment, exercise or defence of legal claims on your behalf. This might be done by mail, email, telephone, fax or other communication media.
Who do we share your information with?
We only share personal information where we are reasonably certain that the data will be protected. The categories of people and organisations that we may share data with include, but are not limited to, internal third parties (consultants, contractors, agents, lawyers and employees from other offices, or companies within a Group of companies), External third parties (experts, outsourced IT and other service providers, professional advisers, regulators and other UK authorities, fraud prevention agencies, satisfaction survey companies), External businesses, (negotiate for sale, transfer or merger of all or part of our business).
Security
We are committed to data security and have put in place reasonable physical, electronic, and managerial security measures to protect personal data we hold and prevent it being lost, stolen, or used in unauthorised ways. We have procedures to deal with any data breaches and will notify you and our regulator where we are legally required to do so.
Your legal rights
We recognise the rights of individuals under the data protection laws when processing their data. They may request a copy of the data we hold, object to our processing of the personal data, or request restriction of our processing of the data, request correction of data, request deletion or transfer of the personal data, and withdraw consent to processing. You should not have to pay a fee to exercise any of these rights unless the request is clearly unfounded, repetitive, or excessive; (we may refuse to comply with your request in those circumstances). We aim to respond to all legitimate requests within one calendar month.
