What does ‘processing’ mean when it comes to personal data?
The term ‘processing’ refers to any manual or automated action performed on personal data. So that includes (but isn’t limited to) collecting it, recording it, organising it, structuring it, storing it, altering it, retrieving it, consulting it, transmitting it, making it available somewhere, combining it, restricting it, or erasing or destroying it.
What information do we collect about you?
- personal details including your name, date of birth, address, phone number and email address for us to provide the legal services to you
- technical info like your internet protocol (IP) address, and details of the web browser you’re using
- information on how you use our site. We do this with cookies, and page tags and scripts (there’s more on this below)
- identity information like your passport, driving licence, utility bills or national identity card when we need it for legal reasons (i.e. documents that show we’ve done our ‘due diligence’ to prevent fraud, financial crime and money laundering)
- credit history and records relating to you, your partner or anyone else you’re linked with financially or commercially (we get this from credit reference and fraud prevention agencies).
‘Special categories of personal data’
We don’t generally process information referred to as ‘special categories of personal data’. So that’s data about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, and so on. We’ll only do this if you give it to us voluntarily, or we need it for a service you’ve asked us for. And wherever we can we’ll keep the collection and use of this type of data to a minimum.
Why we collect your information
We process the info we collect from you:
- to provide legal services (including billing)
- when we’re dealing with your account through the website, in writing or over the phone
- so we can give you any information or help you ask us for
- to comply with our legal obligations to prevent financial crime and money laundering, including checking your identity, and for any audits we need to do
- to carry out any duties we’ve agreed to do in any contracts we have with you
- to tell you about products and services you or your business might be interested in (we’ll only do this if you say we can)
- so you can use the interactive features of our services when you choose to (like the online chat service on our website)
- to help us train our people and improve our service to you.
Why we process your information
We processes your personal info for the following reasons:
- As it is necessary to perform our contract with you for the relevant services;
- To take steps at your request prior to entering into it;
- To allow you to decide whether to enter into it;
- To manage and perform that contract;
- To update your records; and
- As it is necessary for our own legitimate interests or those of other persons and organisations, for example:
- For good governance, accounting and managing and auditing of our business operations;
- To monitor emails, calls, other communications, and activities on the website.
- For market research, analysis and developing statistics;
- To send you marketing communications;
- To monitor the progress of the services provided to you; and
- To enable satisfaction surveys to be conducted.
- As it is necessary to comply with a legal obligation, for example:
- When you exercise your rights under data protection law and make requests;
- For compliance with legal and regulatory requirements and related disclosures;
- For establishment and defence of legal claims;
- For activities in relation to the prevention, detection, and investigation of crime;
- To monitor emails, calls, other communications, and activities.
- Based on your consent, for example;
- When you request us to disclose your personal data to other people or organisations, such as a company handling a claim on your behalf, or otherwise agree to disclosures;
- To send you marketing communications where we have asked for your consent to do so.
How long we keep your personal info
We follow the laws that apply when it comes to how long we hold on to your personal information. So we’ll destroy it or make it anonymous when we don’t need it anymore.
Here’s some info on how long we keep different types of data.
|What’s the information?||How long do we keep it?|
|General personal data like identity and financial data||Six years after the end of our business relationship with you|
|Material we need for legal reasons i.e. documents that show we’ve done our ‘due diligence’ to prevent fraud, financial crime and money laundering. That includes things like copies of your passport, driver’s licence, bank statements and any other documents you give us||Five years after the end of our business relationship with you|
|Special categories of personal data (i.e. data about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, and so on)||Six years after the end of our business relationship with you|
|Recordings of phone calls||One year from the date of the call|
|CCTV – digital images of you if you come to our offices||90 days after they were recorded|
Who we share your information with
There are a few third party companies and organisations we might give your information to. They are:
- regulatory authorities – we might need to do this to make sure we’re following the law and/ or regulations
- credit reference agencies – to check your identity
- insurers – so we can give you the right level of financial cover, or if you make a claim against us
- government departments like HMRC, Companies House, Local London Authorities and Trading Standards – for legal reasons
- our auditors and external assessment bodies – this is so we can meet any regulatory or quality assurance standards and accreditations we need to, and so we can give you quality legal services
- third party service providers – we’ll only do this if you agreed to take their service or you’ve told us you’re interested in finding out more about them.
How we keep your data secure
We do everything we can to keep your personal information safe. So we have systems in place to protect it from loss, misuse, unauthorised access, modification or disclosure.
Where we store your personal data
We usually hold your data inside the European Economic Area (EEA) and we will only ever send your data outside of the European Economic Area (‘EEA’) to:
- Comply with a legal duty
- Provide our Legal services
If we do transfer information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA. To do this, we will use one or more of these safeguards:
- Only transfer it to a non-EEA country with privacy laws that give the same protection as the EEA, as deemed by the European Commission
- Ensure that a contract with the recipient is in place that means they must protect it to the same standards as the EEA
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries.
You can find out more about these safeguards on the European Commission Justice and Information Commissioner’s Office (ICO) websites.
If you want to see or change the data we have about you
You have the right to ask us for a copy of the personal info we hold about you. And if any of it’s wrong, you can ask us to put it right, or delete it. Under certain circumstances you might also have the right to ask us to stop processing your personal information – but this doesn’t apply where there’s a legal or legitimate business reason for us to keep doing it.
If you’d like to do this, please email us or write to Data Protection Supervisor, Beaumont House, 1 Paragon Avenue, Wakefield, WF1 2UF.
Updating this policy
We review this policy regularly and we’ll update it on this page when we need to. If we make a major change which affects the way we use any personal info we hold about you, we’ll get in touch with you to let you know.
If you want to complain about the way we’ve handled my personal data
You can email us at firstname.lastname@example.org or write to Data Protection Supervisor, Beaumont House, 1 Paragon Avenue, Wakefield, WF1 2UF.
You can also complain to the Information Commissioner’s Office – go to their website www.ico.org.uk to find out how.