HARVEY COPPING & HARRISON LLP PRIVACY NOTICE
With effect from 25 May 2018, the General Data Protection Regulation (known as the “GDPR”) governs how organisations handle personal data, whilst it also expands the rights of individuals to control how their personal data is collected and processed.
Harvey Copping & Harrison LLP (referred to in this Privacy Notice as “we” or “us”) is a data controller under the provisions of the GDPR. We are committed to ensuring compliance with our Data Protection obligations, in order to mitigate the risks of failing to protect the personal data of clients or employees, breaching the data protection legislation, or breaching our obligations under the Solicitors Regulation Authority Code of Conduct 2011. We would invite you to read the contents of this Privacy Notice carefully, to ensure you understand how and why your personal data is collected, and how this is used by us. In the event you have any queries concerning any aspect of this Privacy Notice, please contact our Managing Partner, Susan Shepard, who is based at our South Woodham Ferrers office. Mrs Shepard can be contacted by email at firstname.lastname@example.org or by telephone during office hours on 01245 322956.
Personal data is data which can be used to identify you, whether by itself or when combined with other data available to us. From the time you first make contact with us we will begin to collect your personal data, and this will continue throughout the time we have conduct of your matter. The exact information we will request from you will depend on the work you have asked us to undertake on your behalf, or what we are contracted to do for you. Most of your personal data will be collected from you directly, however there may be occasions when information is collected indirectly. The personal data that we collect and use may include the following:-
(i) Full name, current address, and address history.
(ii) Contact details, to include email address, home and mobile telephone numbers.
(iii) Date of birth and/or age.
(iv) Financial information to include details of your assets and liabilities, income and pensions.
(v) Information from credit reference or fraud prevention agencies, electoral roll, Court records of debt Judgments and bankruptcies, Companies House, HM Land Registry and other publicly available sources.
(vi) Family lifestyle or social circumstances, for example the number of dependants you have.
(vii) Education and employment details/employment status.
We will always keep requests for information to the minimum level that is required to carry out your work. However, in some circumstances, we may also need to request sensitive personal data which may include details of your religious beliefs, your physical or mental health, and/or details concerning an alleged or actual criminal offence, together with your criminal record. In circumstances where we may need to share this information with third parties, for example expert witnesses in Court proceedings, we will have safeguards in place to ensure that your information remains confidential and secure.
We will inform you if the provision of certain personal data is optional but in all other instances, we must request that you provide the information that we have requested, together with any supporting documents. In the event you fail to provide the information and documents requested, and particularly if this means that we are unable to verify your identity, we will be unable to act on your behalf.
Sources of Information
The personal data that we collect about you may be drawn from a number of sources which include, but are not limited to, the following:-
(i) You may provide the information to us directly, whether verbally, in writing (e.g. by letter, email or fax) or through our website. All data that you disclose should be complete, accurate and up to date and, in the event you provide personal data regarding a third party, you must ensure you have the authority to do so.
(ii) We may receive information from third parties, to enable us to undertake the work that you have instructed us to do. These third parties may include but are not limited to banks, building societies and financial institutions; individuals or organisations that have referred work to us; and other professional service providers such as barristers chambers, accountants or independent financial advisors.
(iii) Information may be collected about you through our website. For more information, please see our Website Policy.
Use of your Personal Data – the Legal Basis and Purposes
Personal data that we hold in relation to you must be processed by us fairly and lawfully. In accordance with our legal obligation, we are registered with the Information Commissioner’s Office as a data controller and our reference is Z4568981.
The primary reason we will collect and process your data is to enable us to perform and fulfil our contract with you. Specifically, your personal data will be used for the following purposes as part of our contract:-
(i) To verify your identity.
(ii) To identify the source of funding for any transaction that you have asked us to carry out on your behalf. In cases where funding is being provided by a third party, for example a friend or relative, we may need to ask you to obtain personal information from the third party, and to provide this to us. We confirm this personal data will also be subject to the terms of this Privacy Notice.
(iii) The detection of fraud.
(iv) Communicating with you during the conduct of the matter, whether in writing, by telephone, by email or by fax.
(v) To enable us to provide you with advice; to conduct Court proceedings on your behalf or on behalf of any organisation you represent; to prepare documents; and to complete transactions on behalf of you or your organisation.
(vi) Maintaining a detailed record of all financial transactions you undertake with this firm, or that we undertake on your behalf. However, please note that all payment card information is destroyed immediately a payment has been processed.
(vii) Seeking advice from third parties in connection with your matter, for example barristers, surveyors, expert witnesses, independent financial advisors and actuaries.
(viii) Responding to any complaint or allegation of negligence made against us.
(ix) Updating our records.
(x) Tracing your whereabouts should it be necessary to pursue you for recovery of an outstanding account.
(xi) Keeping records for the storage and archiving of files and documents.
(xii) Providing you with information about further legal work or services that could benefit you during the course of your transaction, for example recommending that you make a Will.
Your personal data will be processed as necessary for our own legitimate interests or those of other persons and organisations. These include but are not limited to the following:-
(i) For good governance, accounting, managing and auditing our business operations.
(ii) For market research, analysis and developing statistics.
(iii) To send you marketing communications from other departments within our firm.
(iv) Maintaining network and data security.
Your personal data will be processed as necessary, to comply with legal obligations that we have. These include but are not limited to:-
(i) When you exercise your rights under data protection law and make a Subject Access Request.
(ii) For compliance with legal and regulatory requirements and related disclosures.
(iii) For the establishment and defence of legal rights.
(iv) For activities relating to the prevention, detection and investigation of crime.
(v) To verify your identity and to undertake fraud prevention and anti-money laundering checks.
There will be occasions when the purpose for which we process your personal data will require your specific consent, for example when you request us to disclose your personal data to other people or organisations such as a company handling a personal injury claim on your behalf. In these circumstances, we will contact you to ask for your specific consent to process your data. If consent is granted, you will be free at any time to change your mind and withdraw your consent. You must however be aware that the consequence of failing to give consent or withdrawing your consent, may be that we cannot undertake a specific task for you.
Sharing of your Personal Data
During the conduct of your case or transaction, we may need to disclose some information to third parties outside of this firm. However, these disclosures will only be made when they are necessary to enable us to fulfil our contract with you, or for some other lawful purpose as identified in the GDPR. Such instances include but are not limited to the following:-
(i) Information provided to HM Land Registry to register a transfer of a property or some other disposition on the title register.
(ii) Information provided to HM Revenue & Customs in respect of Stamp Duty Land Tax liability.
(iii) A Court or Tribunal, to comply with legal requirements and for the administration of justice.
(iv) To other parties connected with your matter, for example a joint purchaser.
(v) Solicitors/licensed conveyancers acting for another party in proceedings or in a transaction.
(vi) Barristers, mediation providers, surveyors or expert witnesses, to include medical experts, to obtain advice or assistance in relation to your matter.
(vii) A bank, building society or other lender who is providing a mortgage or other financial assistance for a transaction.
(viii) Our legal and professional advisors, including our auditors, Maynard Heady LLP, (or such other firm as may replace them), and the Solicitors Regulation Authority.
(ix) Solicitors representing our interests in the event of any claim that you bring against this firm.
(x) A prospective purchaser of this business, or their advisors, under a binding non-disclosure agreement.
(xi) The providers of on-line identity verification searches that are undertaken by this firm.
(xii) Any disclosure required by law, in particular in relation to the prevention of financial crime and terrorism.
(xiii) To protect the security or integrity of our business operations.
(xiv) In an emergency or to otherwise protect your vital interests.
(xv) Payment systems, e.g. Visa or Mastercard, in the event you make payment of your account by debit or credit card.
(xvi) As your information will be stored on our computer system, it may be shared with our system maintainers for fault diagnostics, but we will take steps to protect your data should third party access be required.
(xvii) Any other third party where we have your consent.
Please be assured that we do not sell or otherwise make your personal information commercially available to any third parties.
Your personal data will be held on our computer system and/or in paper files, and will be retained in accordance with our Data Retention Policy. Our Data Retention Policy categorises all of the information held by us and specifies the appropriate retention period of each category of data. The retention periods are based on the requirements of applicable data protection laws, and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action and good practice.
How we protect your personal information
We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, misuse, disclosure, alteration or unintentional destruction consistent with applicable data protection laws. Our staff have been fully trained and are familiar with the provisions of the GDPR, and they understand the importance of confidentiality and the need to protect your personal data. We take reasonable steps to ensure your personal data is kept up to date where necessary, and we have a procedure in place to ensure ongoing monitoring is undertaken in relation to our data protection obligations.
Visitors to our Website
To help us improve our website, we use Google Analytics, which is a web based analytics tool that tracks and reports on the manner in which the website is used. Information is collected through cookies, which are small text files that are downloaded to your device by websites you visit. The information that the cookies collect is aggregated and anonymous. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Data transferred outside the European Economic Area (the EEA)
Where possible, your personal data will be processed within the EEA. However, in order to fulfil our contract with you, we may need on occasion to transfer your personal information to locations outside the jurisdiction in which you provide it, for example to the United States. The level of information protection in some countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal data remains protected and secure in accordance with applicable data protection laws.
If you believe that any information we hold about you is incorrect or incomplete, or if your details have changed since you first provided them to us, please let us know as soon as possible so that we can update our records.
Your Rights Regarding Your Personal Data
The GDPR and other applicable data protection laws provide certain rights for you. Specifically, GDPR provides the following:-
(i) You have the right to be informed about our processing of your personal data.
(ii) You have the right to object to the processing of your personal data.
(iii) You have the right to restrict the processing of your personal data.
If you object to or seek to restrict the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, your objection, restriction or withdrawal of any previously given consent could mean that we are unable to perform the actions necessary to achieve the purpose for which we are instructed, or that you may not be able to make use of the services offered by us. Please note that even after you have chosen to withdraw or restrict your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights, or meeting our legal and regulatory obligations.
(iv) You have the right to have your personal data erased (known as “the right to be forgotten”).
(v) You have the right to request access to your personal data and information about how we process it (known as a “Subject Access Request.”)
A Subject Access Request entitles you to a copy of the personal data that we hold on you and will include records of your name, address, contact details, date of birth etc. However, a Subject Access Request does not mean that you will necessarily be provided with a copy of your file, as the focus of the documents or correspondence contained within your file is likely to be the transaction or legal matter, rather than your personal information. In the event you wish to make a Subject Access Request, please contact Mrs Shepard in writing or by email.
(vi) You have the right to move, copy or transfer your personal data (known as “Data Portability”).
(vii) You have rights in relation to automated decision making including profiling. However, please note that we do not use your personal data for automated decision making.
Complaints About the Use of Your Personal Data
In the event you have any complaint or concern in relation to the processing of your personal data, please contact Mrs Shepard, who will provide you with a response. If you are not satisfied with the response, you have the right to complain to Information Commissioner’s Office. Their telephone number is 0303 123 1113 and their website is www.ico.org.uk.
Data Anonymization and Aggregation
Your personal data may be converted into statistical or aggregated data which cannot be used to identify you, but which is in turn used to produce reports for the purpose of our business planning.
Changes to our Privacy Notice
We may update this Privacy Notice from time to time, but our current Privacy Notice will always be available on our Website, www.hchsolicitors.co.uk. Changes to the Privacy Notice are effective when they are posted on our Website.
You are advised to review the Privacy Notice periodically for any changes. If, however, we make any material changes to our Privacy Notice, we will notify you either through an email address you have provided to us, or by placing a prominent notice on our Website.
This Privacy Notice shall be governed and construed in accordance with the laws of England and Wales.