DATA PRIVACY NOTICE
mosshaselhurst is committed to protecting your personal information. In this notice reference to “we” or “us” means mosshaselhurst Solicitors. This notice explains how we collect and use the personal information about you, purposes of running our website and informing you of our commitment to the General Data Protection Regulations (which replaced the Data Protection Act 1998 on 25 May 2018).
This Privacy Notice was published on 25 May 2018 and last updated on 24 May 2018. We constantly review our internal privacy practices and may change this policy from time to time. The most up to date Privacy Notice will always be available on our Website.
2. About us
mosshaselhurst was founded in 1906 and now has offices in Northwich, Winsford and Wilmslow. The Directors are Gerard Rooney, Joanne Charles and Emma Roberts. The Firm was incorporated as Moss Law Ltd (trading as mosshaselhurst in 2012), Company registered office – 2 Castle Street, Northwich, Cheshire, CW8 1AB, registered in England and Wales, Company Number 7939100. We are authorised and regulated by the Solicitors Regulatory Authority.
mosshaselhurst Solicitors is a Data Controller under the Data Protection Rules and is registered with the Information Commissioner’s Office with registration number Z5510004. Our Data Protection Officer is Emma Roberts – email@example.com. Our Deputy Protection Officer is Tracey Slater – firstname.lastname@example.org
3. Data Protection Principles
Personal data must be processed in accordance with the six ‘Data Protection Principles’ under the DPA and GDPR ie. it must :-
- Be processed fairly, lawfully and transparently;
- Be collected and processed only for specified, explicit and legitimate purposes;
- Be adequate, relevant and limited to what is necessary for the purpose for which it is processed;
- Be accurate and kept up to date to be the best of our knowledge. Any inaccurate data will be rectified or deleted without delay;
- Not to be kept for any longer than is necessary for the purposes for which it is processed and;
- Be processed securely.
We are accountable for these principles. mosshaselhurst will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the principles of the DPA and GDPR.
Our website and services are not aimed specifically at children because in legal work children are generally represented by their parents or guardians. If you are a child and need further advice or explanation about how we would or do use your data, please contact our Data Protection Officer – Emma Roberts who may be able to assist.
5. Personal data
The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you.
This Data Privacy Notice is intended for clients and prospective clients only. Applicants for employment and employees have their own Data Privacy Notices.
Typically we will need your full name, address, date of birth, e-mail and telephone numbers and if a transaction is involved, your banking details will be needed too. In other cases we may need to ask you about medical or other information of a sensitive nature if this is required to carry out your work.
To comply with our legal obligations to verify your identity we are likely to require you to provide copies of certain documents and to respond to any queries we may have. If a transaction is involved we will be asking about the source of funds and requesting supporting documents. As part of this process we will carry out on-line searches to assist us in verifying your identity. Whilst we appreciate that such requests can be intrusive, we are unable to proceed with your work until these checks have been completed. Once your matter has been concluded the file will be archived for a minimum of six years, although you will be advised as to exact timescale once your matter has concluded.
6. Categories of personal data held
We always keep requests for information to the minimum level required to carry out your work.
In the majority of cases this personal data will be restricted to basic information such as name, address, contact details and information needed to complete ID checks.
However, some of the work we do may require us to ask for more sensitive personal data, including:
- racial or ethnic origin;
- political opinions;
- religious beliefs or philosophical beliefs;
- trade union membership;
- physical or mental health or condition;
- sex life and sexual orientation;
- genetic data; or
- biometric data used to uniquely identify an individual
In certain cases we may need to share this information with third parties, such as medical professionals if you have had an accident. This is only done when there are safeguards in place to ensure that the information remains confidential and secure.
7. Sources of information
We may obtain information about you from a number of sources/Third Parties for example :-
- You may volunteer the information. This could be done verbally, in writing (for example, by letter, e-mail or fax) or input through our websites. You must have the authority to disclose personal data if it relates to someone else and all data disclosed should be complete, accurate and up to date.
- Information may be passed to us by third parties in order that we can carry out our legal work on your behalf. Typically these organisations may be:
- Banks or building societies
- Panel providers who allocate legal work to law firms
- Organisations that have referred work to us
- Other professional service firms such as accountants or independent financial advisors
- Because of the nature of our work, data is never received from publically accessible sources.
8. Use of your personal data
The primary reason and the purpose of processing and for asking you to provide personal data is to allow us to carry out your requests, for example, to provide a quote or to carry out your contractual and/or statutory legal work.
We rely on the following legal basis for processing your information :-
- Necessary for performance of a Contract (client instructions);
- Necessary for compliance with a legal obligation (for example Anti-Money Laundering);
- Legitimate interests (ie. marketing other justifiable services offered by the Firm);
- Necessary for the establishment, exercise or defence of legal claims - sensitive data.
Your information may be used for:
- Verifying your identity and to establish the funding of any transaction you have asked us to carry out on your behalf. In a limited number of cases, where funding is being provided by family member or third party, we may need to ask you to obtain information from them and personal information provided to us will also be subject to the terms of this Data Privacy Notice;
- The detection of fraud;
- Communicating with you during the matter;
- Providing you with advice, to carry out litigation on your behalf or on behalf of any organisation you represent, prepare documents or to complete transactions on yours or your organisation’s behalf;
- Keeping financial records of your transactions and the transactions we make on your behalf. We do not store payment card information;
- Seeking advice from third parties in connection with your matter;
- Assisting you with the funding of your matter if it involves Legal Aid or ‘no win no fee’;
- Responding to any complaint or allegation of negligence against us;
- Internal management and planning, which include:-
- Resource management;
- Planning of tasks or meetings;
- Keeping records of sources of work and new enquiries; and
- Providing you with information about further legal work or services that could benefit you, whilst we are carrying out your work.
9. Disclosure of data
During the course of carrying out your legal work we are likely to need to disclose some information to parties outside mosshaselhurst but these disclosures are only made when required by your work. Examples might include providing your information to:
- HM Land Registry to register a property
- HM Revenue and Customs for your Stamp Duty Land Tax liability
- A Court or Tribunal;
- The solicitors acting on the other side of your matter;
- Legal Counsel or non-legal experts to obtain advice or assistance on your matter;
- The bank or building society or other lender providing mortgage finance
- The Insurance Company funding a ‘no win no fee’ matter for you
- Consultants providing us with independent quality checks of your files.
- Solicitors Accounts Rules Auditors as part of their regulatory checking on behalf of the Solicitors Regulation Authority and the Solicitors Regulation Authority themselves;
- Solicitors representing our interests in the event of a claim against us by you;
- A prospective purchaser (or their advisors) of this business under a binding non-disclosure agreement;
- The providers of identity verification and assurance tools in order to confirm that we can take you on as a client; and
- Any disclosure required by law in particular in relation to the prevention of financial crime and terrorism.
- There are some uses of personal data that require your specific consent. We will be contacting you to explain what they are and to ask for your consent, which you are free to withdraw at any time
We do not intend to transfer your personal data to a third party country but if we do we will obtain your consent.
10. How long we keep your information for
Information may be held in computers or manual files. We only retain the information for as long as is necessary to:
- Carry out your work;
- As is required to be kept by law;
- Until the period that you could make a claim against us has elapsed, which is usually seven years after the matter concluded or, if we acted for a child under 18, when they reach their 25th birthday;
- If we have acted in a matter in which you had suffered mental impairment or a provisional award has been made, then the file can be kept for up to 100 years from the data of birth;
- For the duration of a trust, plus six years;
- Wills and related documents can be kept for 75 years from date the will was signed;
- Probate matters where there is a surviving spouse or civil partner are retained until the survivor has died in order to deal with the transferable Inheritance Tax allowance;
- Deeds related to unregistered property are kept indefinitely as they evidence ownership; and
- Comply with any client instructions to extend the retention period in relation to their documents.
Information obtained from prospective clients is kept for up to six months for the purpose of providing quotations and any subsequent follow up.
11. Sharing of Data
We do not share personal information with third parties unless we need to do so. Data may be shared to complete client’s legal work and as required by law.
As your information will be stored on computer, it could be shared with our system maintainers for fault diagnostics but we will take steps to protect your data should third party access be required. We never sell your personal information to third parties.
12. Data Protection and Security
We have technological and operational security policies and procedures in place to protect your data from loss, misuse, alteration or unintentional destruction. Our personnel who have access to the information have been trained to respect your confidentiality and to look after the data in our possession.
13. Inaccurate Information
If you think any information we hold about you is incorrect or incomplete or has been changed since your first told us please let us know as soon as possible so that we can update our records.
14. Access to your Personal Information
The General Data Protection Regulations replace the Data Protection Act 1998 on 25th May 2018.
Under both sets of regulations you are entitled to request a copy of your personal data but if your request is received prior to 25th May, then a fee of £10 is payable. If you wish to make a subject access request, please contact the person dealing with your matter initially.
A subject access request entitles you to a copy of the personal data we hold on you. The focus of the information we have to provide is you and will include such things as records of your name, address, contact details, date of birth etc. This means that a subject access request will not normally result in you getting a copy of a file because the focus of the documents it contains are likely to be the transaction or legal matter rather than your personal information.
15. Your Rights
Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information;
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR.
If you want to exercise any of these rights, please:
- Email, call our write to us (details at paragraph 2)
- Provide other information so that we can identify you. We may need to contact you to request further information to verify your identity;
- Let us have proof of your identity and address;
- State the right or rights that you wish to exercise;
We will respond to you within one month from when we receive your request.
16. Complaints about the use of your personal data
Please contact our Data Protection Officer or Deputy Data Protection Officer if you have any complaint or concern over how your data will be used who will acknowledge your complaint and reply to your concerns. If you are not satisfied with the response, the UK regulator on data protection issues is the Information Commissioner’s Office. Their telephone number is 0303 123 1113 and website which is www.ico.org.uk.