Data Protection Notice
Our commitment to you
Here at Smith Jones we take your privacy very seriously. We would never do anything with your data that we wouldn’t do with our own. This policy sets out exactly what we do and why. Firstly and most importantly, we will never sell your data. We will only ever use your data in a way that we have told you about, that is fair, legal and necessary.
Who we are
We are Smith Jones (Solicitors) Limited, we are a limited company registered in England (Companies House Registration number: 06938570) and we are registered with the UK Data Protection agency under registration number Z1906240 as Smith Jones Solicitors Limited at Towneley House, Kingsway, Burnley, BB11 1BJ. If you have any queries or concerns about how your data is being held, please contact us by email to firstname.lastname@example.org or by phone on 01282 855 400. If you are unhappy with us and we can’t fix it, you can contact the ICO. You can call the ICO on 0303 123 1113.
Our Data Protection Officer is Beverley Bellas and she can be contacted by post to Smith Jones Solicitors, Towneley House, Kingsway, Burnley, BB11 1BJ or by email to email@example.com.
Processing your personal data
By “process your personal data” we mean the way we collect and use your personal data. Throughout all your interactions with us we will be your Data Controller. This means that we keep the responsibility for the security of your data and that we only share your data with organisations that will treat your data as well as we do. These organisations are Data Processors.
We must have a basis to collect and use your data. The basis on which we do this is because you have asked us to consider entering into a contract with you to act as your legal representatives.
We also need to collect and use what is referred to as “special category data” about you. This is information that is considered more sensitive than just your name and address. It includes things like medical records, marital status, union affiliations and other sensitive data. The exact data that we need will vary from case to case but we will obtain this information directly from you or where we need to apply to another agency for that information on your behalf, we will explain to you what information we are asking for and why we need it.
Our purpose for collecting and using this data is so that we can conduct legal matters on your behalf.
The only other way we use your data is to send out emails to you when things happen that may be of interest to you, these will contain nothing that you wouldn’t expect to receive from us. We send these on the basis of legitimate interests. We do also include an unsubscribe link on each email if you would prefer not to hear from us in that way.
When you visit our website
We have a whole page that tells you all about the information that we gather on our website and you can find it here: http://smithjonessolicitors.co.uk/privacy-cookies/
Who we share it with
In order to be able to act on your behalf and pursue a matter, we do have to share your information with other people. Each case is different and will need us to share the information with different organisations. We will explain to you who we need to share your data with at the time that it is necessary. We will only share your data with organisations that we need to in order to pursue your claim. Examples of organisations we might have to share your information with are:-
- The Defendant to make your claim;
- Your GP and hospitals if we need to obtain your medical records;
- The Courts if your matter goes that far;
- The insurance company representing the defendants;
- Medical experts who will examine you and produce a medical report in support of your claim;
- The Department for Work and Pensions, all claims must be registered here;
There may be others but these are the most common. Again, we will explain to you who we are sharing your data with and why.
Accessing your own data
It is your right to know what data we hold on you. If you would like to know what data we hold on you email us at firstname.lastname@example.org or phone your case handler to ask for a Subject Access Request form. While it isn’t necessary for you to use that form it will speed up your request as it will make sure that we have all of the information that we need.
Where we store it
Our storage servers are based in the UK and owned by Smith Jones. We have back-up systems and these are owned and controlled by Smith Jones. Where we maintain paper copies they are held in our offices, or at storage facilities that we are confident have sufficient security measures.
How we look after it
We work with external agencies who confirm that we are doing all of the things that we should be doing. This means that from time to time, they come in to check our files. There is a possibility that yours may be one of the files that they look at. Any external agency who comes in to look at our files has signed an agreement with us to maintain confidentiality. We train all of our staff in Data Protection and Information Security regularly so they are all aware of how important your data is.
We do use email and electronic systems and some of these are held outside of the EEA. We take great care in how we choose companies to work with and make sure that they respect your data as much as we do. In order to be able to conduct your case, we do need your permission to be able to transfer and hold your data outside of the EEA and you give us this when you sign our retainer documentation.
Access to our systems is highly restricted and the firms who have access to our systems in order to provide us with support have all signed confidentiality agreements with us to protect your data.
When we dispose of it
So that we would be able to answer questions should you return to us after your case is finished, we will hold your full file for the minimum length of time required. For example, if you are contacting us about a personal injury claim, we will hold your file until 6 years after the closure of your case except if the matter involves a child or a person designated by the courts as a protected party. These matters are subject to longer retention periods. The same time limits apply for enquiries to us. Further information of exactly which time limits apply to your case will be included in our supplemental terms of business.
Unless you specifically request otherwise, we will maintain your “client” file. This just holds your basic contact information and is used as a file that we can associate different cases with you. If you would rather us delete of this information at the same time as we delete of your matter file, please let us know email@example.com
We do not routinely delete our emails, if you would like us to search for and delete any emails relating to your file please let us know and we will endeavour to locate and delete all of these when we delete your file.
Your rights under the General Data Protection Regulation (GDPR)
The GDPR provides eight rights for individuals regarding their data:-
- The right to be informed;
- This document contains the information necessary to fulfil this right
- The right of access;
- You have the right to access your data and supplementary information within one month of request. Requests should be made to the Data Protection Officer
- The right to rectification;
- You have the right to have your personal data rectified if it is inaccurate or incomplete. Please contact your file handler to make any necessary changes.
- The right to erase;
- This is the right to have your data deleted where there is no compelling reason for it’s continued processing. This only applies in very specific circumstances. While it is unlikely that any of our processing activities will meet the necessary criteria for this, please discuss any concerns with the Data Protection Officer.
- The right to restrict processing;
- The right to restrict what we can do with your data is another right which only applies in very specific circumstances. Again, if you have any concerns, please raise them with the Data Protection Officer.
- The right to data portability;
- This right is to allow you to take your electronic data to another provider. Should you wish to take your data to another supplier we can do this in a machine-readable format.
- The right to object;
- You have the right to object to your data being used on the basis of legitimate interests, direct marketing or processing for the purposes of scientific/historical research and statistics. The only time your data is used on the basis of legitimate interests is in the newsletter emails that we send you. Each of these has an unsubscribe button. We do not use your data for scientific or historical research. We do not use personal data for statistical purposes.
- Rights in relation to automated decision making and profiling.
- We do not carry out any automated decision making or profiling on your data.