Client Privacy Notice
We understand that your privacy is important and that you care about how your personal data is used and shared. We respect the privacy of everyone who visits our website and uses our online services.
We are committed to respecting, securing, and protecting your privacy and private data. We are also committed to being transparent about what we collect from you and how we use it.
This privacy notice provides you with information about what personal data we collect, how we use your data, how we ensure your privacy is maintained, and your legal rights relating to your personal data.
Who We Are
1.1. We are odonnells Solicitors Ltd, 68 Glovers Court, Preston, PR1 3LS
1.2. You can contact us by:
- Telephone – 01772 881000
- Email – firstname.lastname@example.org
- Post – odonnells Solicitors, 68 Glovers Court, Preston, PR1 3LS
1.3. The person responsible for ensuring our compliance with data protection legislation is Mrs. Philippa Curran and she can be contacted using the details in 1.2.
1.4. We are additionally regulated by the Solicitors Regulation Authority and our registration number is 570107.
2.1. Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data; which this policy and our use of your data has been designed to uphold:
- Right to be informed – you have the right to be informed about our collection and use of your personal data.
- Right of access – you have the right to request a copy of the information that we hold about you. You can do this by contacting us using the above details.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply, you have a right to restrict our processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing (such as direct marketing).
- Rights in relation to object to automated processing and profiling – you also have the right not to be subject to legal effects of automated decision making and profiling.
- Withdrawal of consent – where our processing is based on your consent you have the right to withdraw this at any time.
2.2. If you have cause for complaint about our use of your data, or you would like to exercise any of your rights, then please contact us using the details provided in Section 1 and we will do our best to solve the problem for you.
2.3. If we are unable to help, or you aren’t satisfied with our response, you also have the right to lodge a complaint with the UK’s supervisory authority – The Information Commissioner’s Office (ICO). The ICO can be contacted:
- By post – The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
- By telephone – 0303 123 1113
- Via its website – www.ico.org.uk
What Data Do We Collect from You?
3.1. The exact information we collect from you will vary depending on what you have asked us to do, or what we are contracted to do for you.
3.2. The data we will collect and process from or about you will fall into two categories:
- Personal Data – This is general information that you supply about yourself, such as Name, Address, Contact Details, Date Of Birth, Financial Information.
- Sensitive Personal Data – This is more sensitive data and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data.
3.3. We will always seek to collect and process only the minimum amount of information which we require.
3.4. We may collect the data from you directly; and we may also collect it from a third party if they have the authority to do so (for example Medical Organisations and Banks).
How We Use Your Data
4.1. Data protection law means that we can only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons for which we process your data:
- Providing Our Legal Services: The primary reason we collect and process personal data is to allow us to carry out your requests and represent you through our legal work. For example, we will need to verify your identity, process your legal transaction (providing advice, dealing with legal claims, attending hearings etc), seeking advice from experts. Our legal basis for this is contractual obligation (see below).
- Keeping Our Website Running: providing and managing your access to our website and services, personalising and tailoring your experience on our website and services. Our legal basis for this is legitimate interest (see below).
- Marketing Purposes: We may send you emails and messages about new features, products and services, and content. You will always be able to unsubscribe from these. Our legal basis for doing that is consent.
- Answering Your Queries & Customer Support: We will use your email and contact details to answer your contact requests and queries. Our legal basis for doing so is contractual obligation.
- Preventing Fraud & Crime: We use some data to protect our business and your account from fraud and other illegal activities (for example, we use CCTV to prevent crime; and we look for out irregular orders on our websites). Our legal basis for doing so is legitimate interests.
5.1. We have identified a legal basis for each of our purposes in paragraph 4. This is what they mean:
5.2. Contractual Obligation:
- Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
5.3. Legitimate Interest:
- Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:
o gaining insights from your behaviour on our website
o delivering, developing and improving our service
o enabling us to enhance, customise or modify our services and communications
o enhancing data and physical security
o promoting our products, services and business.
o responding to customer enquiries, contact requests and promoting our services.
- In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.
- You can always object to our processing of your data based on legitimate interest. If you do so and we have no other legal basis for processing your data we will stop. If we do have another legal basis we will continue to do so, subject to your legal rights.
- You have given clear consent for you to process your personal data for a specific purpose.
- You can always withdraw your consent. You can do this by clicking on unsubscribe in any marketing email we send, or by getting in touch via the contact details in paragraph 1.
- If you withdraw your consent and we have no other legal basis for processing your data we will stop. If we do have another legal basis we will continue to do so, subject to your legal rights.
Storing and Sharing Your Data
6.1. Data security is very important to us and we take appropriate security measures to safeguard and secure your data.
6.2. We have high standards of both technical and organisational security which is designed to protect your personal data from unauthorised loss, misuse, alteration or destruction. We use both IT Security such as Firewalls, data encryption, and penetration testing; as well physical security to keep our buildings, files and people safe.
6.3. We endeavour to keep all of your personal information in the European Economic Area (EEA). The EEA includes all EU Member States plus Norway, Iceland and Liechtenstein.
6.4. In limited, and necessary, circumstances your information may be transferred outside of the EEA; this will only happen where it can’t be avoided. Where this does happen, we will put special protections in place. We will only move data to countries or organisations:
o Where the EU Commission has deemed their data protection measures to be adequate;
o Or under a contract which enforces the EU Commission approved “standard data protection clauses” which can be viewed at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.
6.5. We will never sell your personal data to a third party.
6.6. We will not transfer or disclose your personal data to any third party except:
- We may sometimes contract with trusted service providers to provide goods and services on our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, marketing and IT systems. This will sometimes necessitate the transfer of your personal data to those trusted service providers.
- Where we transfer your data to our trusted service providers we will have confirmed that they will apply data protection and security measures to the same standard we would. We will always impose contractual terms on all of our providers to ensure your data remains secure.
6.7. There will be circumstances connected with the performance of the work we are undertaking on your behalf where we will need to share your personal data. This may be with
- barristers and experts instructed by us,
- your opponent and their legal representatives in order to try to resolve your case,
- the legal aid agency to obtain funding
- the courts
Please note that at all times we remain bound by the duty of confidentiality imposed upon solicitors by our regulators, the SRA.
6.8. In certain limited circumstances, we may be legally required to share your personal data – for example where we are involved in legal proceedings, or where we are complying with a court order, regulatory requirement, or government department with appropriate legal authority to compel us to do so.
How Long We Keep Your Data
7.1. We do not keep your personal data for any longer than it is necessary in light of the reason(s) for which it was first collected.
7.2. We will then retain your data for as long as required to meet our legal and regulatory obligations.
7.3. At the end of that period your data will be either deleted completely or anonymised.
7.4. Exceptions to the above will be:
- Where you have exercised your right to have the information where it applies.
- Where the law requires us to keep your data for longer or delete it sooner.
- Where a legal claim is in progress – we’ll keep your data until that claim is concluded.
Storing documentary evidence of your ID
8.1. For some matters, we must ask clients to provide us with documentary evidence of their identity. This may include a copy of your driving licence or passport, and/or other evidence, such as copy bank statements or utilities bills. If we require ID evidence, we will contact you separately about this. Please note that a copy of the ID evidence will be retained on your paper file, but not on our computer files. We currently keep paper files for a minimum of 6 years. Thereafter, the file may be confidentially destroyed. Unless you notify us to the contrary, we will assume that you have no objection to us storing your ID evidence on the paper file until it is destroyed.
Changes to Our Privacy Notice
9.1. We may change this privacy notice from time to time (for example, if the law changes). Any changes will be immediately posted on our site. We recommend you check the privacy notice regularly to remain up to date.
9.2. This privacy notice was last updated in May 2018.