In relation to privacy we'd like to make one thing clear straight away - we don't buy or sell people's data. If we've got information about you then it's because we have acted for you in some sort of matter. This document sets out how we use that data and your rights in relation to that data.
When we act for you in any sort of case we will gather personal information about you and your case. We will need that information properly act on your behalf. That data can be on paper but it will also always be stored on our databases.
As general rule we will keep your papers for 6 years after your matter has finished and then we will destroy the paper. We will keep the digital data indefinitely unless you ask us to destroy it. We have set out below your rights in relation to the data that we hold and our explanation of how we comply with the rules. Each of the rights is a hyperlink to the explanatory page on the Information Commissioner's Office (ICO) website
If you wish to request access to your data please email firstname.lastname@example.org or telephone 01623 451111
|Your rights||How we comply with those rights/requests|
|The right to be informed||We add this information into the initial documentation that we send out at the outset of your transaction - that documentation explains how we deal with that data and your rights in relation to that data|
|The right of access||This is the right of access to the data we hold about you. Our clients have always had the ability to find out what data we hold about them and can request their file at any time (which is effecitvely the right of data portability set out below) so this isn't really a big change for us. See data portability below for how we comply with this.|
|The right to rectification||We always look to correct any errors in data we hold and will do so upon request as soon as possible and without any charge|
|The right to erasure||Or the right to be forgotten. We have to respond your request within a month of receiving it.
However, we only have to comply with it under certain circumstances. Generally speaking we will not comply with this request until 6 years have elapsed since the matter completed (and in the case of trusts we will not comply with the request). This is because we need access to that data to defend any claim you or anyone else may make against us within the 6 year limitation period.
If the relevant time period has elapsed then the IT department will be able to identify the files on the server and delete them.
|The right to restrict processing||This is often used in relation to data that is incorrect but which we cannot destroy or amend. Should this occur then we will extract the data as if we were gong to provide it for data portability (see below) but it would be saved to one side so that no processing could be carried out on the data|
|The right to data portability||As mentioned above this is something we have been providing for our clients for many years. Our IT department will provide this data and store them it a portable format such as a DVD. The files themselves are saved as pdf (Portable Document Format), .doc (Microsoft Word) and .eml (Microsoft Email), all of which are easily readable.|
|The right to object||This is the right to object to processing, direct marketing, and scientific analysis. We don't have to comply with this is we need to carry on for the purposes of the business (which is our organisation's legitimate interests). We don't carry out direct marketing or scientific analysis so neither of those cases apply to us. We would need to carry on processing the data if the case we are employed to do is still in progress. However if the cases has ended then we could comply with this in the same way as complying with the right to restrict processing set out above.|
|The right not to be subject to automated decision-making including profiling||This relates to data profiling or automated decision making based on contents of data. We do not carry out any of this sort of processing with the data we hold|