The General Data Protection Regulation (GDPR) applies from Friday 25th May 2018. Rachel Conn is the Data Controller within the firm.
We do not collect data from our website and we do not process the data of our clients for marketing purposes.
Data from you
Most of the data is collected from each client of the firm by Rachel Conn personally, for the purpose of fulfilling the retainer for that client. We are also obliged to satisfy the money laundering requirements which apply to this practice through our regulatory bodies. We may also collect data from the Land Registry or other publicly accessible sources in order to advise.
The data we process for a client will include first name, maiden name if applicable, last name, marital status, title, date of birth and gender. For tax work, we will need a client’s national insurance number and UTR if used. Contact data will be your home address, email address and telephone number. Bank account details would be collected only if we hold money due to you which is sent electronically or by cheque as the client decides. If preparing your will, we would ask for data about your family and dependants.
We do not retain technical profile or usage data, nor will clients be asked about their preferences regarding marketing communications as our clients come to us by recommendation.
This includes data about someone’s health, and this is the only sensitive data which a client will be asked for in connection with either the preparation of a will or a lasting power of attorney. The data on the health of a third party who is the subject of a deputyship application to the Court of Protection will also be processed if the medical certificate is sent to us by the third party’s GP in order to make the court application on the instructions of the proposed deputy.
How we use the personal data of our clients
The data is used within the law and the most common uses are:
Where we need to perform the retainer required of us by the client.
Where it is necessary for our legitimate interests (or those of a third party, such as in the Court of Protection example given above) and a client’s interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Purposes for processing the personal data of clients
We need to identify you so that you can be registered as a new client and to enable us to fulfil the retainer required of us within the law. We would also use the data of a client to deal with payment for the retainer and if necessary collect and recover money owed to us by a client.
We would also refer to a client’s data to check suspected spam emails or enquiries which purport to come from a client in order to protect the data we hold.
Disclosure of a client’s personal data
We may need to share your personal data with service providers who provide IT and system administration services, with particular reference to security of our data storage systems. Data could also be shared with professional advisors including other lawyers, this firm’s auditors, insurers, HMRC and any other regulators or authorities based in the United Kingdom who require us, as a firm of solicitors, to report on any activities we process within the parameters of a legal practice.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data by employees and third parties who have a business need to know such data: they will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify any applicable regulator of a breach where we are legally required to do so, and also notify the client concerned.
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
If someone ceases to be a client, we will retain his or her records for tax purposes for 6 years after the client leaves. Should a transaction commence but prove abortive and no identification is provided, the initial information supplied will be deleted. In some circumstances a client may ask us to delete his or her data. To find out more about access to personal data, having it corrected or erased or transferred, please refer to www.ico.org.uk where there is a guide to the new General Data Protection Regulation for individual rights.
If a client wants to access his or her own personal data we do not charge a fee. However, we may charge a reasonable fee if a client makes the request repetitively or if the request is subsequently found to be unfounded. We reserve the right to refuse to comply with multiple or excessive requests.
We try to respond to all legitimate requests within one month.
Third Party Links
This website may include links to third party websites. Clicking on those links may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notices of every website you visit.
Terms of Business