25th May 2018
Your personal data – What is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession, or that is likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
Who are we?
Marlborough Law Limited is the data controller. It decides how, and for what purpose, your data is dealt with.
For what do we use your personal information?
In the course of your legal transaction we collect the following personal information when you provide it to us:
- Name, address, date of birth, contact information (telephone and email where appropriate) National Insurance number (where appropriate)
- Identity information and documentation
- Additional information in relation to your legal transaction to enable us to advise you and progress your case. This will depend on the type of legal work you instruct the firm to undertake
We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions. We also use your personal information for related purposes including identity verification, administration of files, updating existing records if you have instructed the firm previously, analysis to help improve the management of the firm, for statutory returns and legal and regulatory compliance. The information will be held in hard copy and/or electronic format.
You are responsible for ensuring the accuracy of all the personal data you supply to us, and we will not be held liable for any errors unless you have advised us previously of any changes in your personal data.
We will only take instructions from you or someone you authorise in writing. Where you are acting as an agent or trustee, you agree to advise your principal or the beneficiary of the trust that their personal information will be dealt with on these terms.
If we are working on your matter in conjunction with other professionals who are advising you, including experts, barristers, banks, building societies, mortgage lenders, estate agents etc., we will assume, unless you notify us otherwise, that we may share and disclose relevant personal data and information about your matter to them, if we feel it is appropriate and necessary.
We use a private, secure, cloud computing service to assist us in processing and protecting your information and keeping it secure from the risks of cybercrime and fraud. All of the personal information you provide to us is kept in the UK; we will not transfer any of your personal data to another country outside the UK unless you specifically instruct us to do so.
There may be occasions when we are under a legal duty to share personal information with law enforcement or other authorities, including the Solicitors Regulation Authority, Bar Standards Board, the Information Commissioner, Courts and Tribunals. If we are required to disclose information to the National Crime Agency, we may not be able to tell you that a disclosure has been made. We may have to stop working for you for a period of time and may not be able to tell you why. We cannot be held liable for any loss you suffer due to delay or our failure to provide information in these circumstances.
We are required to carry out money laundering checks and will share some client information.
Occasionally some of our client files may be audited strictly confidentially by external auditors or examiners to ensure we meet our legal, quality and financial management standards. Unless you tell us otherwise we will assume you have no objection. You may object at any time and refusing your consent will not affect our work for you. We will not submit files for external audit or disclose personal information to directories where there is particularly sensitive material.
We will not share your personal information with any other third party and will not issue any publicity material or information to the media about our relationship and the work we are doing for you without your explicit consent.
How long your personal data will be kept
- We will hold your personal data including your name, address and contact details plus your file of papers for a period of time, depending on the nature of your case. We will confirm this to you at the end of your case. After this period of time, your file of papers including the electronic file, will be destroyed confidentially without further reference to you, unless we contact you to confirm other arrangements or you contact us to request your file of papers at an earlier date.
- In order to meet our regulatory requirements, we may be required to retain basic information about you to include your name, address and date of birth on our electronic database for a longer period of time.
For what reasons can we collect and use your personal information?
We intend to rely on the following lawful bases to collect and use your personal or sensitive personal data:
- Your Consent
- Contractual Obligations
- Legal Obligations
- Public Task
- Legitimate Interests
Marketing
Information about the firm and up to date articles which may be of interest to you are available on our website www.marlborough-law.co.uk. We would encourage you to refer to this. In relation to future marketing, we would like to keep in touch with you and let you know periodically about information that we think may be of specific interest to you or to tell you about events or developments in the firm. We ask you to provide your email address and give specific confirmation that you want to “opt in” to us sending you such information in the future. If you provide your consent, you may withdraw it at any time by contacting us to confirm that you no longer want us to contact you. If you provide your consent, we may use third party software and services to assist us in relation to the processing of our marketing communications, but we will ensure we have confidentiality agreements in place and will never disclose your information to third parties for them to use for their own marketing purposes.
If you are an existing client of the firm or we are holding documents for you such as wills or deeds, we may rely on legitimate interests as the reason for contacting you in future. We will only do this where we feel it would be of benefit to you or where we need to update you in elation to our terms and conditions.
Your rights and your personal data
Unless subject to an exemption under the GDPR you have the following rights with respect to your personal data:
The right to know if we are processing data about you and to obtain a copy of your personal data which Marlborough Law holds about you, normally free of charge.
The right to request that Marlborough Law Limited corrects any personal data if it is found to be inaccurate or out of date.
The right to request your personal data is erased where it is no longer necessary for Marlborough Law Limited to retain such data.
The right to withdraw your consent to the processing at any time (this only applies if consent is relied upon as a processing condition.)
The right to request that Marlborough Law Limited provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability). This only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable) [nb this only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
The right to lodge a complaint with the Information Commissioners Office.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach.
We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information. The GDPR also gives you right to lodge a complaint with a supervisory authority.
The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk/concerns/ or telephone 0303 1231113.
How to contact us
Please contact our Data Protection Officer if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact our Data Protection Officer, please send a letter marked FAO Data Protection Officer,
or call 01672 552552.
If you would like this notice in another
format please let us know.