This Notice explains when we collect, store and process personal information and data about you, and why we do so; how we use it and when we can disclose it to others. It also explains how we keep your personal data secure.
Please read this notice carefully, together with our general terms and conditions which have been sent to you separately and we will provide more information on confidentiality, date of privacy and date of disclosure.
The website covered by this Notice is “Hardmans-law.co.uk.” This Notice does not apply to any websites that may have a link to ours.
Data is collected, processed and stored by Hardmans Solicitors.
Under Data Protection legislation we are what is known as “the data controller” of your personal data which you give to us. Hardmans Solicitors is authorised to practise by the Solicitors Regulation Authority. Our SRA Number is 272025.
We are also registered with the Information Commissioner’s Office under registration reference Z5282423.
WHAT INFORMATION DO WE COLLECT?
The information we will request from you will depend on what work you want us to carry out for you. This Data Privacy Notice is intended for clients and prospective clients only.
Information we will usually need from you in order to provide legal services to you will include:-
a) Your full name.
b) Your address.
c) Your date of birth.
d) Your email address(es).
e) Your telephone number(s).
f) Your banking details.
g) Your passport and/or driving licence or other photographic identification.
h) Other ID verification (eg utility bill or Council Tax statement).
i) Your National Insurance number.
We may also need more sensitive personal data such as data in respect of the following:-
a) Your race.
b) Your ethnic origin.
c) Any religious beliefs you may have.
d) Your health.
e) Any past criminal convictions.
f) Any medical conditions relevant to the work we are carrying out for you.
g) Any other information of a sensitive nature if this is required to carry out your instructions.
To comply with our regulatory requirements and obligations under the law, we are required to verify your identity. We will require you to provide copies of certain documents and respond to any queries we may have. If a transaction is involved we will be asking about the source of funds and requesting any supporting documents.
As part of the client verification check we will commission an on-line search to verify your identity.
These checks are a necessity before we are able to work for you and carry out your instructions.
USE OF YOUR PERSONAL DATA
The primary reason for asking you to provide personal data is to allow us to properly carry out your instructions in relation to any legal work you ask us to undertake on your behalf.
We will collect and store your personal and financial information which will be handled in accordance with The Data Protection Act 1998 as amended, extended, re-enacted or consolidated from time to time (including without limitation the implementation of the General Data Protection Regulation 2016/679/EC) (Data Protection Legislation). We will use your information to ensure proper performance of our agreement with you and to comply with our legal obligations when providing the services you have asked us to carry out.
Your information may be used for:-
- Verifying your identity and to establish the funding of any transaction you have asked us to carry out on your behalf. In a limited number of cases where funding is being provided by a family member or third party we will need to obtain personal information/data from them and any such data provided to us will also be subject to the terms of this Data Protection Privacy Notice;
- The detection of fraud or other criminal activity;
- Communicating with you during the matter;
- Providing you with advice to carry out litigation on your behalf or on behalf on any organisation you represent, prepare documents or to complete transactions on yours or your organisation’s behalf;
- Keeping financial records of your transaction and the transactions we make on your behalf. Please note we do not store payment card information;
- Seeking advice from third parties in connection with your matter;
- Responding to any complaint or allegation of negligence against us;
- Internal management and business planning;
- Keeping records of sources of work and new enquiries;
- Storage and archiving of files and documents and all systems relating thereto;
- Providing you with information about further legal work or services that could benefit you whilst we are carrying out the work you have instructed us to do on your behalf.
WHO MAY HAVE ACCESS TO YOUR PERSONAL DATA?
We have a Data Protection Policy in place to ensure the effective and secure use and processing of your personal data at all times.
We will not sell your information to third parties and we will not share your information with third parties for marketing purposes.
We will only disclose your data to third parties where such disclosure is required in respect of the work we are undertaking on your behalf.
Disclosures may need to be made to institutions such as:-
- The Land Registry (in respect of property registrations and other registration applications).
- HM Revenue & Customs.
- HM Courts & Tribunal Service.
- Solicitors acting on the other side of your matter.
- Other professional experts where necessary to your matter.
- Third party professional agencies.
- Contracted suppliers.
- Our professional regulators including the Solicitors Regulation Authority and the Law Society, as well as the Information Commissioner.
- Our external auditors.
- Banks and building societies or other financial institutions.
- Insurance companies where relevant to your matter.
- Our external identification verification supplier.
- Our IT support suppliers.
- Any relevant connected parties in the transaction (eg Estate Agent, lenders, financial service providers).
- Connected third parties where you have provided the information – eg in relation to the appointment of attorneys, trustees or close friends/relatives.
- The Legal Ombudsman.
- The Financial Conduct Authority.
- The Financial Ombudsman Service.
- Any other relevant Ombudsman appertaining to the nature of your matter.
- Any disclosure required by law in particular in relation to prevention of financial crime and/or terrorism.
- If there is an emergency we may provide your personal data to relevant external agencies if we think you or others are at significant risk.
There may be some uses of personal data which may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
We do not share your personal data with any third parties unless it is necessary to carry out your instructions. Data may be shared in order to complete your legal work and as required by law. Your information will be stored on our computer system and therefore it could be shared with our external contractors/maintenance providers in respect of ongoing support and maintenance of our IT system but we will take all necessary steps to protect your personal data should any third party access be required.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We recognise that your personal data is very valuable and therefore we have put in place all reasonable measures to protect it whilst it is in our care. We have high standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. We have strict rules and regulations regarding client confidentiality and ensure that we observe our obligations in this respect at all times. Where appropriate external parties have agreed to protect the confidential information which you give us.
We use computer safeguards such as firewalls and data encryption and our IT system is supported by a specialist external IT support provider.
We have technology and operational security policies and procedures in place to oversee the use of your personal data within the operation of our business.
All of our staff who have access to your information have been trained and undergo regular training updates and are fully aware of the client confidentiality rules and the importance of data protection.
If you think any information we hold about you is incorrect or incomplete or has been changed since you first told us please let us know as soon as possible so that we can update our records.
CHANGES TO THE DATA PROTECTION LAWS AND HOW THIS AFFECTS THE PROCESSING OF YOUR PERSONAL DATA
The General Data Protection Regulations replace the Data Protection Act 1998 on the 25th of May 2018.
As a result we are required to ensure that we are concise, transparent and intelligible when processing your personal data and giving you information about how we do this.
We are also required to ensure information is easily accessible, written in clear and plain language (particularly if addressed to a child) and free of charge.
We confirm that we will provide you with a copy of your personal data free of charge upon a written request from you. If you wish to make a request for your personal data please contact Eleanore Plews (email@example.com) or by telephone on 01304 373377 or in writing to Hardmans, 4-6 Park Street, Deal, Kent CT14 6AQ, or contact the person dealing with your matter within our firm.
Such a request will entitle you to a copy of the personal data we hold for you. This will include things such as your name, address, contact details, date of birth etc. Please note that we will not normally provide you with a copy of your file when you request confirmation of personal data which we hold for you because the focus of the documents in your file are likely to be lengthy and relate to your legal matter rather than your personal information.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA FOR?
Your personal data will be kept only for as long as is necessary to:-
- Carry out your work.
- As is required to be kept by law.
- Until the period that you could make a claim against us has elapsed, which is usually 7 years after the matter ended (or if we have acted for a child under 18, when they reach their 25th birthday).
- If we have acted in a matter which you had suffered mental impairment or provisional awards have been made then the file can be kept for up to 100 years from your date of birth.
- For the duration of a trust, indefinitely.
- We may keep Wills, Will files and any related documents for up to 30 years.
- Probate may be retained for up to 30 years.
- Deeds to an unregistered property may be kept indefinitely.
- Transactions which are commercial in nature, sales of leasehold purchases, or matrimonial matters may be kept for 15 years.
- Information obtained from prospective clients is kept for 12 months for the purposes of providing quotations and any subsequent follow up.
- In relation to all other matters in relation to which we are instructed, for up to 15 years.
WHAT HAPPENS IF I DO NOT WANT YOU TO USE MY PERSONAL DATA?
Under the General Data Protection Regulations you have 3 rights:-
a) The right to object to specific types of processing.
b) The right to be forgotten.
c) The right to restrict processing.
Depending upon the nature of the request we will comply with it to the fullest extent possible but in some cases this could mean we are unable to continue working for you, in which case work would cease at the earliest opportunity but you would remain liable for the fees and disbursements incurred to date.
If you have opted in to marketing but subsequently withdraw your consent we will act on your request immediately it is received.
In certain situations you may be able to ask for restrictions to be placed on the processing of your data or to exercise your right to be forgotten.
A restriction has the effect of freezing data so we would continue to store your personal information but could not do anything with it. This might be relevant to you if you had any query or concern over the way your data was handled. A right to be forgotten would usually apply if data is processed unlawfully or otherwise fails to satisfy the requirement of the General Data Protection Regulations.
USE OF YOUR DATA IN MARKETING
We may contact you for the purposes of direct marketing but only if you have given us your express and clear consent to do so. You can withdraw your consent to send you marketing information at any time by contacting us on 01304 373377 or in writing at Hardmans, 4-6 Park Street, Deal, Kent CT14 6AQ.
If you do consent to receive direct marketing communication from us then you will only receive information from us. We will never pass on or sell your details to a third party.
COMPLAINTS ABOUT THE USE OF YOUR PERSONAL DATA
Please contact one of our partners, Eleanore Plews or Catherine Hobson if you have any complaint or concern over how your data will be used. We will acknowledge your complaint and reply to your concerns. If you are not satisfied with the response the UK regulator on data protection issues is the Information Commissioner’s Office. Their telephone number is 01303 1231113 and their website is www.ico.org.uk.
Any questions regarding this Notice and our privacy practices should be sent by email to firstname.lastname@example.org or addressed directly with any one of our solicitors.
Hardmans is authorised and regulated by the Solicitors Regulation Authority – number 272025.