OUR PRIVACY (GDPR) POLICY
Introduction
We take your privacy very seriously. Please read this policy carefully. It contains important information on how and why we collect, store, use and share your personal data. It also explains your rights in relation to the personal data we hold and process regarding you, and how you can contact us or supervisory authorities in the event that you may have concerns or a complaint.
In using your personal data, we are regulated under the General Data Protection Regulation (GDPR). These regulations apply across the European Union and we are responsible in the capacity of ‘controller’ of your personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the UK GDPR, other relevant UK and EU legislation and our professional duties including our duty of confidentiality.
Key Definitions
The essential terms used in this policy have the following meanings:
We, us, our: Redstone Legal Services Limited trading as Redstone Solicitors
Personal data: Any information relating to an identified or identifiable individual
Special category personal data: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data; data concerning health, sex life or sexual orientation
Who we are
We are a firm of solicitors regulated by the Solicitors Regulation Authority. For the purposes of the GDPR we are the “controller” of your personal data.
Whose personal data we may control
We may collect, store, use and share personal data about the following categories of people:
• Our clients, their family members and other relevant persons
• Our employees
• Advisers, consultants and other professionals
• Our suppliers and service providers
• Enquirers
• Complainants
Personal data we will collect about you
We set out below the personal data we will collect in the course of advising and/or acting for you:
• Name, date of birth, gender, nationality, passport and/or identity card details;
• Address, telephone number, e-mail address;
• Information relating to the matter in which you are seeking our advice or representation.
Personal data we will collect about you
We set out below the personal data we may collect in the course of advising and/or acting for you depending on why you have instructed us:
• National Insurance and tax details;
• Financial details, bank account details;
• Employment, professional and business related information;
• Personal details of family members, relatives and other relevant individuals;
• Information relating to marital status;
• Information relating to online presence;
• Medical information;
• Education, lifestyle and social circumstances;
• Your criminal history;
• Racial, ethnic origin, gender and sexual orientation, religious or similar beliefs related information.
We require this personal data to be able to provide our services to you.
How your personal data is collected
We collect most of this information directly from you. However, we may also collect information:
- from publicly accessible source such as the Companies House, HM Land Registry, etc.;
- directly from a third party, e.g.:
- credit reference agencies;
- client due diligence providers;
- from a third party with your consent, e.g.:
- your bank or building society or other financial institutions;
- consultants and other professionals we may engage in relation to your matter;
- your employer and/or trade union, professional body or pension administrators;
- your doctors, medical and occupational health professionals;
- via our website;
- via our information technology (IT) systems, e.g.:
- case management, document management and time recording systems;
- automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems.
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason for doing so. When we use your data we will rely on one or more of the following reasons:
• to provide our services to you;
• to protect and promote your legitimate interests;
• for the performance of our contract with you or to take steps at your request before entering into a contract;
• to comply with our legal and regulatory obligations;
• for our legitimate interests or those of a third party; or
• where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The following is a list of examples of what we may use your data for:
• Verifying your identity;
• Verifying source of your funds;
• Communicating with you;
• Providing you with legal advice and representation in your legal matter(s);
• Obtaining insurance for you or on your behalf;
• Keeping records of your legal matter(s) or transaction(s);
• Instructing third parties such as barristers, experts, etc.;
• Ensuring business policies are adhered to, e.g. policies covering security and internet use;
• Operational reasons, such as improving efficiency, training and quality control;
• Statistical analysis to help us manage our practice, e.g. in relation to our client base, work type or other efficiency measures;
• Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies;
• External audits and quality checks, such as for Lexcel, ISO or Investors in People accreditation and the audit of our accounts;
• Responding to a complaint or allegation of negligence against us;
• Marketing our services.
The above table does not apply to special category personal data, which we will only use with your explicit consent.
Marketing Communications
We may use your personal data to send you updates (by email, text message, telephone or post) about legal developments that might be of interest to you and/or information about our services, including exclusive offers, promotions or new services.
We will contact you for marketing purposes only with your consent. Please tick the relevant box on the “Letter of Acknowledgement” if you would like to hear from us as indicated above.
Who we may share your personal data with
We may share personal data with:
• professional advisers who we instruct on your behalf or refer you to, e.g. barristers, medical professionals, accountants, tax advisors, translators or other experts;
• the Home Office;
• solicitors acting on the other side;
• other third parties where necessary to carry out your instructions, e.g. your mortgage provider or HM Land Registry in the case of a property transaction or Companies House;
• Courts, Tribunals and the HMRC;
• credit reference and identity verification agencies;
• our insurers and brokers;
• our IT and case management providers;
• contracted suppliers;
• external auditors, e.g. in relation to ISO or Lexcel accreditation and the audit of our accounts;
• bank(s), building societies or other financial institutions;
• other third parties where disclosure is required by law or a regulation;
• other third parties such as a family member or representative in relation to whom you have instructed us to discuss your case with.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
Where your personal data is held
Information may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long your personal data will be kept
We will retain your personal data only for as long as necessary to fulfil the purposes for which the information was collected, or as required by law, or as long as it is set out in any relevant contract you may hold with us. We will do so for one of these reasons:
• to respond to any questions, complaints or claims made by you or on your behalf;
• to show that we treated you fairly;
• to keep records required by law.
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data. For instance, we will keep your personal data:
• for as long as necessary to provide our services to you;
• for a minimum period of 7 years following the conclusion of your legal matter(s) in case we may need to re-open your case to respond to any questions, complaints or claims made by you or on your behalf;
• for the duration of the trust, if you matter involves a trust;
• indefinitely if your matter involves a Will or a related transaction;
In order to meet our regulatory requirements, we may be required to retain basic information about you, including your name, address and date of birth on our electronic database for a longer period. When it is no longer necessary to retain your personal data, we will delete it.
Your rights
Under GDPR you have a number of important rights, which you can exercise free of charge, including:
• Right to access: The right to be provided with a copy of your personal data.
• Right to be informed: The right to be informed of what, why and how your personal data is collected and used..
• Right to rectification: The right to require us to correct any mistakes in your personal data.
• Right to erasure: The right to require us to delete your personal data where there is no compelling reason for its continued processing.
• Right to object: The right to object t processing based on legitimate interests; and direct marketing.
• Right to restrict processing: The right to require us to restrict processing of your personal data in certain circumstances, e.g. if you contest the accuracy of the data.
• Right to data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations.
• Right not to be subject to automated individual decision-making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
Further information about these rights can be found on the Information Commissioners Website www.ico.org.uk/for-the-public/.
If you would like to exercise any of these rights, please:
• email, call or write to our Data Protection Officer;
• let us have enough information to identify you;
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
• let us know the information to which your request relates, including any account or reference numbers, if you have them.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
Changes to this policy
We may change this privacy policy from time to time for updating and continued compliance purposes.
How to contact us
Please contact us and/or by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Our contact details are shown below:
Mr Yasar Dogan
Redstone Solicitors
Unit B, 17 Downham Road
London
N1 5AA
Tel: 0203 940 5959
E-mail: yd@redstonesolicitors.co.uk