Introduction
UK Data Privacy/Data Protection Law (“UK GDPR”) applies to personal data held or processed within the UK. The following rights continue to apply.
If you are an individual, the rights you have under the UK GDPR include the following:
- (i) right to be informed about information we hold about you;
- (ii) right of access to information we hold about you;
- (iii) right to correct information we hold about you;
- (iv) right to deletion/removal of information we hold about you.
We use your personal data to help us provide our service to you, which includes tailoring the Information we share with you to help ensure that it’s relevant, useful and timely.
We will respect your privacy and work hard to ensure we meet strict regulatory requirements.
We will not sell your personal data to third parties.
We are regulated by the Solicitors Regulation Authority (SRA). As you might expect, we are already subject to strict rules of confidentiality. It is therefore already part of the fabric and culture of our firm to keep your information private and secure.
We would ask you to help us keep your data secure by carefully following any guidance and instructions we give e.g. communicating bank account details and transferring funds to us.
We are sometimes legally obliged to share your personal data with external authorities without notifying you e.g. as required by the Anti-Money Laundering & Counter Terrorist Financing Act 2017. In all other cases, we will be transparent, and we will explain to you why we are requesting your data and how we are using it.
Lawful Reasons for Processing Your Data
UK GDPR states that we are allowed to use your personal data only if we have a proper and lawful reason to do so. This includes sharing it with others outside the firm e.g. an auditor of a relevant quality standard.
UK GDPR provides that proper and lawful reasons to use your personal data may exist under our contract with you, or if we are legally obliged to hold or use your data (e.g. in order to comply with UK tax law), if we have your consent or if we have some other legitimate business or commercial reason to use your information.
Here is a list of all the ways that we may use your personal data, and which of the reasons we rely on to do so.
| Use of your Personal Data | Our reason/justification for processing | Legitimate Business Interest |
| Opening, progressing, closing, archiving and storing a matter/case file. | Under our contract with you, a legal obligation or some other legitimate interest. | Fulfilling your instructions (our retainer) or complying with regulations and the law. |
| Direct marketing to you. | Legitimate interest. | Keeping our records up-to-date, working out which of our products and services may interest you and telling you about them. Providing information on changes in the law and inviting you to contact us for advice. |
| To make and manage client payments for or due to you and to collect in money that is owed to you or us. | Under our contract with you, a legal obligation or some other legitimate interest. | Keeping accounts systems up-to-date. Complying with SRA Accounts Rules and other regulations. Effective and efficient management of a sustainable business. |
| To detect, investigate, report, and seek to prevent financial crime. To manage risk for us and you. To comply with laws and regulations that apply to us. To respond to complaints and seek to resolve them. | Under our contract with you, a legal obligation or some other legitimate interest. | Developing and improving how we deal with financial crime and money laundering. |
| Running our business in an efficient and proper way. Managing financial stability, business capability, planning, communications, corporate governance, and audit. | Under our contract with you, a legal obligation or some other legitimate interest. | Complying with the SRA Accounts Rules and Code of Conduct. Being effective and efficient about how we run our business. Allowing external consultants, advisers and auditors to inspect files. |
| To exercise our rights and comply with obligations set out in agreements or contracts. | Under our contract with you, a legal obligation or some other legitimate interest. | Complying with contractual requirements e.g. for the provision to clients of Public Funding by Public Bodies |
Types of Personal Data we process
| Type of Personal Information | Description |
| Financial | Your Bank account details and your financial status and information. |
| Contact Information | Where you live and how to contact you. |
| Socio-Demographic | This includes details about your work or profession, nationality etc. |
| Transactional | Details about payments to and from your bank accounts. |
| Contractual | Details about the products or services we provide to you. |
| Behavioural | Details about how you use our services. |
| Communications | What we learn about you from letters, emails, and conversations between us. |
| Social Relationships | Your family, friends and other relationships. |
| Open Data and Public Records | Details about you that are in public records such as the Land Registry, and information about you that is openly available on the internet. |
| Documentary Data | Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, driving licence, or birth certificate. |
| Special types of data | The Law and other regulations treat some types of personal information as a special category. We will only collect and use these types of data if the law allows or requires us to do so; · Racial or ethnic origin· Religious or philosophical beliefs· Trade union membership· Genetic and bio-metric data· Health data including gender· Criminal convictions and offences |
| Consents | Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you. |
| National Identifier | A number or code given to you by a government to identify who you are, such as a National Insurance Number. |
Sources of Data
We collect personal data from various sources:
Data | Source | Purpose |
| Data you give us when you instruct us to advise you or act for you | You | To enable us to decide whether to accept your instructions and to progress your matter |
| Data you give us by letter/phone/email and other documents | You | To enable us to decide whether to accept your instructions and to progress your matter |
| Data you give us when you visit our website, via a messaging service or social media | You | To enable us to deal with your query or request and to contact you if appropriate |
| Data you give us during interviews | You | To enable us to advise and represent you and to communicate with other solicitors and third parties on your behalf |
| Data you give us in client surveys | You | To enable us to improve our services and respond to any expressions of dissatisfaction |
| Data provided to us by referrers and introducers | Referrers | To enable us to contact you and to enable us to decide whether to accept your instructions and to progress your matter |
| Fraud Prevention agencies | Agency | To enable us to comply with the law and regulations and carry out client due diligence checks |
| Estate Agents | Agents | To enable us to act on your behalf in relation to a land transaction |
| Other Solicitors | Solicitor Firms | As part of an exchange of information to enable us to progress the matter and advise you |
| Public Bodies | Public bodies such as HMRC, HM Treasury, Local Authority, Land Registry, Land Charges Registry, Probate Registry, Police, CPS, Courts Service and other government departments | To enable us to advise you and progress your matter. To prevent fraud and money laundering |
| Your GP or other medical professional | Doctor | To obtain appropriate medical reports |
Who we share your data with
Subject to the SRA Code of Conduct and the requirements about client confidentiality, we may share your personal information with;
- (i) Lawyers or other organisations on the other side of a matter or case.
- (ii) Barristers or experts we instruct on your behalf.
- (iii) The courts and other tribunals.
- (iv) Your personal representatives or attorneys.
- (v) Auditors.
- (vi) Lenders, Estate Agents, IFAs, referrers;
- (vii) HMRC, central and local government departments and agencies (e.g Land Registry), police and fraud prevention agencies;
- (viii) SRA and other regulators;
- (ix) ID checking organisations (e.g. Credas)
Your refusal to provide Personal Data requested
You are entitled to decline to provide personal information we request of you. But, if you do it may cause delay or may even mean that we shall be unable to continue to act for you.
How long we keep your Personal Data
We are legally obliged to store your file for 6 years after the date of completion of your case or matter. After 6 years has expired, we are under a positive legal obligation to destroy your case file.
However, we store original Wills, original Lasting Powers of Attorney and the originals of other important documents (e.g., title deeds and documents to land) indefinitely until requested or required by the person lawfully entitled to ownership or possession of them.
We will keep your name and personal contact details on our database until you tell us that you would like them removed.
If you would like to know what information we are storing or would like to access any of it, then please feel free to contact us at any time. If you think that any information we have about you is incomplete or incorrect, then please let us know.
Subject to any lien for non-payment of our fees, we may transfer your papers to another solicitor upon receipt of your signed consent. However, as explained in our client care letter, not all papers on your case file necessarily belong to you; some, such as our notes of our calls and meetings with you belong to us and you are not necessarily entitled to them or even copies of them. If you would like to know more about this then please do not hesitate to ask.
How to raise concerns
If you are unhappy about how we are using your Personal Data then you can complain to us using the contact information above.
You also have the right to complain to the Information Commissioner’s Office (ICO). Further details on how to raise a concern about our information rights practices with the ICO can be found on the ICO’s website: https://ico.org.uk/concerns