When we use your personal data we are regulated under the General Data Protection Regulation 2018 (“GDPR”) and the Data Protection Act 2018. We are responsible as a ‘controller’ of that personal data for the purposes of GDPR. Our use of your personal data is subject to this legislation, other relevant UK legislation, your instructions, and our confidentiality duties as solicitors.
We, us, our, or the firm – this means Gavin Edmondson Solicitors Ltd.
Personal data – this means any information relating to an identified or identifiable individual.
Special category of personal data – this is personal data revealing ethnic origin, political opinion, religious or philosophical beliefs, any trade union membership, heath, or sexual orientation.
What data do we collect?
The following sets out the personal data that we may collect from you during the course of your dealing with us. We only collect data when it is necessary for the purposes of your dealing with us. If you do not provide the data that we ask for, it may delay or even prevent us from working with you.
Contact information – name, address, email address, telephone numbers, occupation, and your relationship with other people.
Identification information – date of birth, photographs of you, your passport, your driving license, your bank details, and your national insurance number.
Special category data – as defined above, this information is not routinely collected but may be relevant for example in a family matter.
Health information – we may access your medical history and hold a copy of these records, most commonly but not exclusively during a personal injury claim.
Criminal history – we may from time to time undertake a criminal record check, and we will likely hold your criminal history in the event that you instruct us on a criminal matter.
Financial data – information about your financial affairs, pensions, your assets, and your liabilities.
Personal information in correspondence – copies of letters, telephone notes, emails, and documents or files sent to us or by us.
Recruitment information – CVs, cover letters, application forms, contact details, career history, qualifications, and information you give us during your employment or interviews with us.
How Do We Use Data?
Legally we can only use your personal data if we have a proper reason to do so. We use your information:
- to comply with our legal and regulatory obligations
- for the performance of our contract with you or to take steps before entering to a contract with you
- for our legitimate interests or those of a third party – a legitimate interest is when we have a business or commercial reason to use your information, as long as this is not overridden by your own rights or interests
- where you have given us your consent
Please see table below for further information. This relates only to your personal data. We process special category personal data only with your express consent.
|What we use your personal data for…||…and on what basis we do this|
|To communicate with you or provide legal services to you||For the performance of our contract with you, or to take steps before entering into a contract|
|Sharing information with other professions such as advocates, experts, or other solicitors||For the performance of our contract with you or in the accordance with a legitimate interest|
|To conduct identity checks, financial screening, or other processing needed to comply with our professional, legal, and regulatory obligations||To ensure compliance with our legal and regulatory obligations|
|Providing information in relation to audits, investigations, or enquiries from regulatory bodies||To ensure compliance with our legal and regulatory obligations|
|To respond to enquiries made, for example if you email us or submit an enquiry form through our website||For a legitimate interest|
|Operational reasons such as improving our training or quality of service||For a legitimate interest or those of a third party|
|Statistical analysis to help us manage our firm||For a legitimate interest or those of a third party|
|To prevent unauthorised access to our system||For a legitimate interest or those of a third party, and to ensure compliance with our legal and regulatory obligations|
|To recover our debts in the event that you owe us money||For a legitimate interest|
How Do We Share Data?
When we share your personal data with external third parties we will always keep this to a minimum and take reasonable steps to ensure that those parties only process the data for the purpose we share it for and in accordance with your instructions.
The typical third parties we share your data with include but are not limited to:
- Those necessary to carry out your instructions such as HMRC, Companies House, and the Courts.
- Credit reference agencies.
- Our insurance provider or broker.
- Our IT and security provider.
- Our bank.
- Other professional advisers, consultants, or regulatory authorities.
We will only share your personal data with third parties without your permission if:
- We are obligated to do so by legal or regulatory obligations.
- We are required to share your information with external third parties who provide services to us.
- Some or all of our assets are purchased by third parties.
We strictly require all third parties that we share data with to abide by the relevant legislation.
We do not transfer your personal data outside of the European Economic Area unless you provide us with specific consent to do so.
Where Do We Hold Data?
We never hold personal data for longer than necessary. Different timeframes apply to different pieces of data, however we only ever keep data to:
- Keep clear records as required by legislation and our regulatory body.
- Show that we acted appropriately and fairly for you.
- Respond to any questions, complaints, or claims made by you.
When we no longer need to hold your data we will ensure it is securely deleted.
We will only use your personal data to send you marketing information if you ask us to. We will never provide or sell your data to an external marketer without your consent.
If you have any questions or concerns about how we collect, handle, or store your personal data, please contact us. You have the right to complain to the Information Commissioners Office (“ICO”) if you are not satisfied. Their website is ico.org.uk and their telephone number is 0303 123 1113.
Under the relevant legislation you have the following rights:
Right to be informed – this privacy notice is designed to provide you with all the details you need as to how we collect and use your personal data.
Right to access – you have the right to be provided with a copy of the personal data we hold on you. There will be no charge to you for us providing this information.
Right to erasure – you have the right to ask us to delete your personal data in certain circumstances, however please note that if we are required to keep your data under a relevant exception then we may have to decline your request.
Right of rectification – you have the right to request that we correct any inaccurate or incomplete personal data we hold on you.
Right to restrict processing – you have the right to require us to restrict the processing of your personal data for specific reasons.
Right to object – you have the right to object to us processing your personal data.
Right to data portability – you have the right to obtain and reuse the personal data that we hold about you for your own purposes in certain circumstances.
To exercise these rights please contact us. Please ensure you provide us with enough information to correctly identify you. Please also ensure your request is clear what right you want to exercise and the information that this relates to. If you need any help or guidance please consult the ICO.
We have one month to respond to your request. If your request is complex or you have made a number of requests this may take longer, but we will always keep you updated.
Changes to This Policy