We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
ALDERSON LAW LLP collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
Information collected by us
In the course of Operating and Managing a Solicitors Practice and in Supplying Legal Services to our Clients we collect the following personal information when you provide it to us:
- Name Address Date of Birth National Insurance Number Telephone Numbers e mail addresses Passport Details
- Information concerning your Family your Relationships your employment and employment records, relevant financial Information including tax details bank accounts pension details and other information which could identify you as an Individual
- In the case of Business clients information concerning your employees
- Your racial or ethnic origin gender and sexual orientation religious or similar beliefs in the context of a Discrimination claim
- In the context of use of our website and Marketing for the purpose of Business development information concerning e.g. your Social Network presence
Information collected from other sources
We also obtain personal information from other sources as follows:
- Government Agencies e.g. the DWP, Inland Revenue concerning Benefit payments and Tax records
- Local Authorities in relation to information relating to your Housing or Family
- Hospitals Doctors and other Health Professionals or Organisations concerning your medical history
- HM Land Registry and Companies House
- Due diligence Providers
- Other third parties directly
- Our IT Systems
- Our Voicemail system and via our Facebook Account
- The Solicitors Regulation Authority
How we use your personal information
We use your personal information to:
- Enable us to provide legal advice and to enable us to comply with our Professional Regulatory and Contractual obligations to you.
- To conduct checks to verify the identity of staff and clients to enable us to comply with our legal and regulatory obligations
- For our legitimate business interests
- In circumstances when you have given us your consent
Who we share your personal information with
We routinely share the information referred to above and where appropriate with Government Agencies, Local Authorities, Hospitals, Doctors and other Medical Professionals and Organisations, the Crown Prosecution Service & Probation Service, Insurance Companies, other Legal Advisers, External Audit Businesses ,our Professional Indemnity Insurers and Brokers, and external Service Suppliers. This data sharing enables us to fulfil our Professional and Contractual obligations to you in the provision of legal services Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with law enforcement or other authorities if required by applicable law.
Whether information has to be provided by you, and if so why
The provision of the type of information described above is required from you to enable us to fulfil our Professional and Contractual Obligations to you in the provision of legal services. We will inform you at the point of collecting information from you, whether you are required to provide the information to us and we will explain what personal information is required and why we require it. We shall not obtain any more information from you of a personal nature than is reasonably necessary to enable us to fulfil our professional and contractual obligations to you.
How long your personal information will be kept
- We will hold your personal information only as long as we consider it necessary to fulfil the purposes we collect it for. Your personal data will be destroyed or deleted once it is no longer necessary for us to hold it
- In the case of Client Files most files will be destroyed after a period of 6 years from the date of closure of the file. In respect of some files a longer retention may be applied to enable us to fulfil our Regulatory or Professional obligations or to enable us to respond to questions or complaints. We will provide further information to clients when writing to them at the conclusion of a matter in which we have been instructed.
Reasons we can collect and use your personal information
In the case of our clients we rely primarily on our Agreement with you to act for you in a Contract to supply you with Legal advice and services as the lawful basis on which we collect and use your personal data .We may also in appropriate cases and where it has been validly provided collect and use your personal data with your consent. We may also collect and use your personal data for our legitimate interests for example to enable us to ensure compliance with our Business Policies, to improve our Business Services, to respond to complaints or to maintain our Quality Standards.
Transfer of your information out of the EEA
In the case of our clients we may need to transfer your personal information to Countries outside the European Economic Area (EEA) where the same data protection laws as the United Kingdom and EEA do not exist. In such circumstances we shall seek your express consent before transferring the data and seek all reasonably necessary assurances that your data will be protected in any such other country.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address by making a ‘Subject Access Request’
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, call or write to our Data Protection Officer GRAHAM SHANNON at Alderson Law LLP 4/8 Stanley Street Blyth Northumberland NE24 2BU firstname.lastname@example.org
- let us have enough information to identify you Name Address and File Reference Number
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was published on 25/5/2018 and last updated on 25/5/2018.
We may change this privacy notice from time to time, when we do we will inform you in writing by e mail or personally.
How to contact us
Please contact our Data Protection Officer if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us or our Data Protection Officer, please send an email to email@example.com write to Graham Shannon DPO Alderson Law LLP 4/8 Stanley Street Blyth Northumberland NE24 2BU or call 01670 352293.
Do you need extra help?
If you would like this notice in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).