Here at Smith Jones we take your privacy very seriously. We would never do anything with your data that we wouldn’t do with our own. This policy sets out exactly what we do and why. Firstly and most importantly, we will never sell your data. We will only ever use your data in a way that we have told you about, that is fair, legal and necessary.
We are Smith Jones (Solicitors) Limited, we are a limited company registered in England (Companies House Registration number: 06938570) and we are registered with the UK Data Protection agency under registration number Z1906240 as Smith Jones Solicitors Limited at Towneley House, Kingsway, Burnley, BB11 1BJ. If you have any queries or concerns about how your data is being held, please contact us by email to firstname.lastname@example.org or by phone on 01282 855 400. If you are unhappy with us and we can’t fix it, you can contact the ICO. You can call the ICO on 0303 123 1113.
By “process your personal data” we mean the way we collect and use your personal data. Throughout all your interactions with us we will be your Data Controller. This means that we keep the responsibility for the security of your data and that we only share your data with organisations that will treat your data as well as we do. These organisations are Data Processors.
We must have a basis to collect and use your data. The basis on which we do this is because you have asked us to consider entering into a contract with you to act as your legal representatives.
We also need to collect and use what is referred to as “special category data” about you. This is information that is considered more sensitive than just your name and address. It includes things like medical records, marital status, union affiliations and other sensitive data. The exact data that we need will vary from case to case but we will obtain this information directly from you or where we need to apply to another agency for that information on your behalf, we will explain to you what information we are asking for and why we need it.
Our purpose for collecting and using this data is so that we can conduct legal matters on your behalf.
The only other way we use your data is to send out emails to you when things happen that may be of interest to you, these will contain nothing that you wouldn’t expect to receive from us. We send these on the basis of legitimate interests. We do also include an unsubscribe link on each email if you would prefer not to hear from us in that way.
We have a whole page that tells you all about the information that we gather on our website.
In order to be able to act on your behalf and pursue a matter, we do have to share your information with other people. Each case is different and will need us to share the information with different organisations. We will explain to you who we need to share your data with at the time that it is necessary. We will only share your data with organisations that we need to in order to pursue your claim. Examples of organisations we might have to share your information with are:-
There may be others but these are the most common. Again, we will explain to you who we are sharing your data with and why.
It is your right to know what data we hold on you. If you would like to know what data we hold on you email us at email@example.com or phone your case handler to ask for a Subject Access Request form. While it isn’t necessary for you to use that form it will speed up your request as it will make sure that we have all of the information that we need.
Our storage servers are based in the UK and owned by Smith Jones. We have back-up systems and these are owned and controlled by Smith Jones. Where we maintain paper copies they are held in our offices, or at storage facilities that we are confident have sufficient security measures.
We work with external agencies who confirm that we are doing all of the things that we should be doing. This means that from time to time, they come in to check our files. There is a possibility that yours may be one of the files that they look at. Any external agency who comes in to look at our files has signed an agreement with us to maintain confidentiality. We train all of our staff in Data Protection and Information Security regularly so they are all aware of how important your data is.
We do use email and electronic systems and some of these are held outside of the EEA. We take great care in how we choose companies to work with and make sure that they respect your data as much as we do. In order to be able to conduct your case, we do need your permission to be able to transfer and hold your data outside of the EEA and you give us this when you sign our retainer documentation.
Access to our systems is highly restricted and the firms who have access to our systems in order to provide us with support have all signed confidentiality agreements with us to protect your data.
So that we would be able to answer questions should you return to us after your case is finished, we will hold your full file for the minimum length of time required. For example, if you are contacting us about a personal injury claim, we will hold your file until 6 years after the closure of your case except if the matter involves a child or a person designated by the courts as a protected party. These matters are subject to longer retention periods. The same time limits apply for enquiries to us. Further information of exactly which time limits apply to your case will be included in our supplemental terms of business.
Unless you specifically request otherwise, we will maintain your “client” file. This just holds your basic contact information and is used as a file that we can associate different cases with you. If you would rather us delete of this information at the same time as we delete of your matter file, please let us know firstname.lastname@example.org
We do not routinely delete our emails, if you would like us to search for and delete any emails relating to your file please let us know and we will endeavour to locate and delete all of these when we delete your file.
The GDPR provides eight rights for individuals regarding their data:-