Privacy Notice
Abrahams Law Limited
Unit 1C, The Old Foundry, Bath Street, Walsall, West Midlands WS1 3BZ
01922 896794
UK
Data Privacy/Data Protection Law changed significantly on 25th May 2018.
The EU
General Data Protection Regulation (or GDPR for short) was a positive step
towards
you having more control over how your data is used and how you are
contacted by us.
At
11pm on 31st December 2020, EU GDPR will no longer apply to personal
data held or processed within the UK. Instead, “UK GDPR” will apply to such
data. The provisions of UK GDPR are essentially the same as EU GDPR and
therefore the following rights continue to apply. We confirm that we do not normally
hold or process your data outside the UK but if we do we will ensure there are
sufficient “adequacy” arrangements or “safeguards” in place to protect your
rights.
If you are an individual, the rights you have under the UK GDPR include the following:
1.
The right to access the personal data that
we hold about you;
2.
The
right to object to us sending you
information;
3.
The
right to be informed about
the collection and use of your personal data;
4.
The
right to rectification of
personal data we may hold about you if it is inaccurate or incomplete;
5.
The
right to erasure of your personal data in some circumstances;
6.
The
right to restrict processing your personal data where you may have a particular reason for wanting the
restriction;
7.
The
right to data portability which will allow you
to obtain and reuse your personal data across different services;
8.
Rights in relation to automated decision making and
profiling
– please note we do not use automated decision making and profiling.
We have therefore updated our
privacy notice to reflect these changes.
We use your personal data to
help us provide an excellent client service, which includes tailoring the information
we share with you to help ensure that it’s relevant, useful and timely.
We will respect your privacy
and work hard to ensure we meet strict regulatory requirements.
We will not sell your personal data to third parties.
We will provide you with easy ways to manage and review
your marketing choices if you receive direct marketing communications from us.
We are a firm that is authorised and regulated by the
Solicitors Regulation Authority (SRA). As you might expect, we are already subject
to strict rules of confidentiality. It is therefore already part of the fabric
and culture of our firm to keep your information private and secure.
We would ask you to help us keep your data secure by
carefully following any guidance and instructions we give e.g. communicating
bank account details and transferring funds to us.
We are sometimes obliged to
share your Personal Data with external authorities without notifying you e.g.
as required by the Anti-Money Laundering & Counter Terrorist Financing Act 2017. In all other cases, we will be transparent,
and we will explain to you why we are requesting your data and how we are using
it.
Lawful
Bases for Processing your Data
The law states that we are
allowed to use personal information only if we have a proper and lawful reason to do so. This includes sharing it with
others outside the firm e.g. an auditor of a relevant quality standard.
The GDPR says we must have one or more of these reasons:
- Contract: the
processing is necessary for a contract we have with an individual, or
because they have asked us to take specific steps before entering into a
contract.
- Legal obligation: the
processing is necessary for you to comply with the law (not including
contractual obligations).
- Legitimate interests: the
processing is necessary for our legitimate interests or the legitimate
interests of a third party unless there is a good reason to protect the
individual’s personal data which overrides those legitimate interests.
- Consent: the
individual has given clear consent for us to process their personal data
for a specific purpose.
A legitimate interest is when
we have a business or commercial reason to use your information.
Here is a list of all the ways
that we may use your personal data, and which of the reasons we rely on to do
so.
Use of your Personal Data |
Our reason/justification for processing
|
Legitimate Business Interest |
Opening, progressing, closing, archiving
and storing a matter/case file |
·
Contract ·
Legitimate
Interest ·
Legal
Obligation |
Fulfilling your instructions (the
retainer) Complying with regulations and the law
|
Direct marketing to you |
·
Legitimate
Interest |
Keeping our records up-to-date,
working out which of our products and services may interest you and telling
you about them Providing information on changes in
the law and inviting you to contact us for advice |
• To make and manage
client payments. |
·
Contract ·
Legitimate
Interest ·
Legal
Obligation |
Keeping accounts systems up-to-date Complying with SRA Accounts Rules and
other regulations Effective and efficient management of
a sustainable business |
To detect, investigate,
report, and seek to prevent financial crime. |
·
Contract ·
Legitimate
Interest ·
Legal
Obligation |
Developing and improving
how we deal with financial crime including suspected money laundering as well
as complying with our legal obligations in this respect
Being efficient about
how we fulfil our legal and contractual duties. |
To run our business in
an efficient and proper way. This includes managing our financial stability,
business capability, planning, communications, corporate governance, and
audit. |
·
Legitimate
Interest ·
Legal
Obligation
|
Complying with the SRA Accounts Rules
and Code of Conduct and other regulations that apply to us
Being effective and
efficient about how we run our business
To allow external consultants,
advisers and auditors to inspect files
|
To exercise our rights
and comply with obligations set out in agreements or contracts |
·
Legitimate
Interest ·
Legal
Obligation
|
Complying with contractual
requirements e.g. for the provision to clients of Public Funding by Public
Bodies |
Special
Categories and Criminal Convictions Data
Further to our lawful bases
for processing personal data we rely on further conditions contained within the
Data Protection Act 2018 (as amended by the Data Protection, Privacy and
Electronic Communications (Amendments etc.)(EU Exit) Regulations 2019 and 2020)
for
processing these types of data. These
conditions are contained in Schedule 1, Part 3 of the Act. The primary
condition we rely on is known as “legal claims” where;
This condition is met
if the processing—
(a) is necessary for
the purpose of, or in connection with, any legal proceedings (including
prospective legal proceedings),
(b) is necessary for the purpose of
obtaining legal advice, or
(c) is otherwise
necessary for the purposes of establishing, exercising or defending legal
rights
We would normally
also rely on another condition in Schedule 1, Part 3 of the Act known as
“consent” where, due to the nature of these types of data we would obtain your
consent prior to processing them.
If our reason for
processing data is in connection with the Schedule 1, Part 2 of the Act,
condition 18, safeguarding of individuals and children at risk,. This is
because the processing will be necessary for the purposes of;
(a) protecting an
individual from neglect or physical, mental or emotional harm, or
(b) protecting the
physical, mental or emotional well-being of an individual,
In this condition;
(a) in the circumstances, consent to the
processing cannot be given by the data subject;
(b) in the circumstances, we cannot
reasonably be expected to obtain the consent of the data subject to the
processing;
(c) the processing must be carried out
without the consent of the data subject because obtaining the consent of the
data subject would prejudice the provision of the protection
Also, due to the nature
of these data types, we comply with Schedule 1, Part 4 of the Data Protection
Act which requires us to have an appropriate written policy explaining our
security procedures, and data retention periods and we are required to retain
this policy document and produce it to the Information Commissioner on request.
Our policy is set out in the firm’s Information Management & Security
Policy.
Types
of Personal Data we process
Type of Personal Information
|
Description |
Financial |
Your Bank account details and your
financial status and information |
Contact Information |
Where you live and how to contact you |
Socio-Demographic |
This includes details about your work
or profession, nationality etc. |
Transactional |
Details about payments to and from
your bank accounts |
Contractual |
Details about the products or services
we provide to you |
Behavioural |
Details about how you use our services |
Communications |
What we learn about you from letters,
emails, and conversations between us |
Social Relationships |
Your family, friends and other
relationships |
Open Data and Public Records |
Details about you that are in public
records such as the Land Registry, and information about you that is openly
available on the internet |
Documentary Data |
Details about you that are stored in
documents in different formats, or copies of them. This could include things like your
passport, drivers licence, or birth certificate |
Special types of data |
The Law and other regulations treat
some types of personal information as a special category. We will only
collect and use these types of data if the law allows or requires us to do
so:
·
Racial
or ethnic origin ·
Religious
or philosophical beliefs ·
Trade
union membership ·
Genetic
and bio-metric data ·
Health
data including gender ·
Criminal
convictions and offences
|
Consents |
Any permissions, consents or
preferences that you give us. This
includes things like how you want us to contact you. |
National Identifier |
A number or code given to you by a
government to identify who you are, such as a National Insurance Number |
Legal Aid Application and Bill |
Information required to submit an
application for public funding and to claim our fees under any legal aid
certificate issued to you. |
Sources
of Data
We collect personal data from various sources:
Data |
Source |
Purpose
|
Data you
give us when you instruct us to advise you or act for you |
You |
To enable us
to decide whether to accept your instructions and to progress your matter |
Data you
give us by letter/phone/email and other documents |
You |
To enable us
to decide whether to accept your instructions and to progress your matter |
Data you
give us when you visit our website, via a messaging service or social media |
You |
To enable us
to deal with your query or request and to contact you if appropriate |
Data you
give us during interviews |
You |
To enable us
to advise and represent you and to communicate with other solicitors and
third parties on your behalf |
Data you
give us in client surveys |
You |
To enable us
to improve our services and respond to any expressions of dissatisfaction |
Data provided
to us by referrers and introducers |
Referrers |
To enable us
to contact you and to enable us to decide whether to accept your instructions
and to progress your matter |
Fraud
Prevention agencies |
Agency |
To enable us
to comply with the law and regulations and carry out client due diligence
checks |
Estate
Agents |
Agents |
To enable us
to act on your behalf in relation to a land transaction |
Other
Solicitors |
Solicitor
Firms |
As part of
an exchange of information to enable us to progress the matter and advise you |
Public
Bodies |
Public Body
such as HMRC, HM Treasury, Local Authority, Land Registry, Land Charges
Registry, Probate Registry, Legal Aid Agency, Police, CPS, Courts Service and
other government departments |
To enable us
to advise you and progress your matter.
To prevent
fraud and money laundering
|
Your GP or
other medical professional |
Doctor |
To obtain
appropriate medical reports |
The Legal
Aid Agency |
LAA |
Under our
contractual obligations we will receive “Shared Data” from the LAA if your
matter is legally aided |
Who we
share your Data with
Subject to the SRA Code of
Conduct and the requirements with regard to client confidentiality, we may
share your personal information with:
·
Lawyers or other organisations on the other
side of a matter or case
·
Barristers or experts we instruct
·
The courts and other tribunals
·
Your Personal Representatives or Attorneys
·
Auditors
·
Lenders
·
Estate Agents, IFAs, Referrers, etc
·
Organisations that we introduce you to.
·
HM Revenue and Customs
·
The government both Central and Devolved
·
Fraud Prevention Agencies including the
National Crime Agency
·
The SRA and other regulators
·
ID checking organisations
Automated
Decision-Making
We do not use automated decision-making systems. All
decisions relating to you and your matter are made by a person.
Personal
Data we use
We typically will use the following types of personal data:
·
Your Name
·
Date of Birth
·
Home address
·
Contact details such as phone numbers and email
addresses
·
Bank details and account information
·
Medical information (where applicable)
·
Employment details
·
Data that identifies you by cookies when you use our website
Sending
Data outside the European Economic Area (EEA)
Unless you instruct us in a matter
or case that involves an international element, we do not normally send your
personal data outside the UK or EEA. If we do, then we will seek your consent
to do so, explain the risks to you and talk to you about UK adequacy decisions
and potential safeguards depending on the country involved.
Your
refusal to provide Personal Data requested
If you refuse to provide the
information requested, then it may cause delay and we may be unable to continue
to act for you or complete your matter.
Marketing
Information
We may from time to time send
you letters or emails about changes in the law and suggestions about actions
that you might consider taking in the light of that information e.g. reviewing
your will. We will send you this marketing information either because you have
consented to receive it or because we have a “legitimate interest”.
You have the right to object
and to ask us to stop sending you marketing information by contacting us at any
time. You can of course change your mind and ask us to send the information again.
How
long we keep your personal information
We are legally obliged to keep
certain information for at least 5 years and typically store your file for 6
years before destroying it.
In some cases, e.g. Legal Aid
Matters we are obliged to keep your files for a longer period of time, this
period will be set out in our closing letter to you.
We will store Wills and other
documents indefinitely.
We will keep your name and
personal contact details on our database until you tell us that you would like
them removed e.g. where you have changed solicitor.
How to
get a copy of your Personal Information
If you wish to access your personal data then write to:
Data Protection Supervisor/COLP- Mr Khuram Yaqub
Abrahams Law Limited, Unit 1C, The Old Foundry, Bath Street,
Walsall, WS1 3BZ
Telling
us if your Personal Information is incorrect (The
right to rectification)
If you think any information we have about you is
incomplete or wrong, then you have the right to ask us to correct it. Please contact us as above.
Other
Rights
As mentioned above you also have other rights, namely
·
The right to erasure
·
The right to restrict processing
·
The right to data portability
You have the right to ask us
to delete (erase) or stop us using your data if there is no longer any need for
us to keep it (e.g. under a legal obligation).
In terms of data portability
then subject to any lien we may enjoy for non-payment of fees, we will comply
promptly (where permitted) to your request to transfer your physical paper file
to another solicitor upon receipt of your signed consent. If your file is in electronic format we will
take reasonable steps to export the file to a “portable format” where possible
so that your new solicitor can upload it to their system. As many different IT
systems are used by the legal profession we cannot guarantee that we can
provide data in a compatible format.
Consent
UK GDPR in some cases requires us to obtain your explicit
consent i.e.
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c ) his religious beliefs or other beliefs of a similar
nature,
(d) whether he is a member of a trade union (within the
meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any
offence, or
(h) any proceedings for any
offence committed or alleged to have been committed by him, the disposal of
such proceedings or the sentence of any court in such proceedings.
Where acting for you involves
us processing such data we will seek your explicit consent e.g. when we plan to
obtain your medical records.
You have the right to withdraw
your consent by contacting us as stated above.
However, if you do so then we
may not be able to progress you case or indeed continue to act for you.
How to
Complain
If you are unhappy about how we are using your Personal
Data then you can complain to us using the contact information above.
You also have the right to complain to the Information
Commissioner’s Office (ICO). Further details on how to raise a concern about our
information rights practices with the ICO can be found on the ICO’s
website: https://ico.org.uk/concerns
Updating
this Notice
We will, from time to time,
update this Privacy Notice to reflect emerging ICO guidance, requirements of
the amended Data Protection Act 2018 and any other relevant changes in the law
or regulations, adequacy decisions e.g. following BREXIT. We will also seek to
learn from any published cases of Data Protection breaches.