We, Pickering Solicitors (Tamworth) Ltd, are controllers of the information that we collect about you (‘personal data’). This notice informs you how we use personal data and how we protect your privacy. We abide by current UK law including the EU General Data Protection Regulations 2018 (GDPR).
The regulator within the UK is the information Commissioner’s Office and our licence number is ZA184936.
Data Protection Principles
The firm is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. We will comply with data protection law and principles which means that your data will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
This policy applies to our processing of personal data for individuals other than:
- Pickerings employees, who should refer to the Employee Privacy Notice in the firm’s employee handbook; and
- Applicants to vacancies with Pickerings who should refer to the Candidate Privacy Notice on our website.
The information we may collect, use and hold about you
We process your data in order to provide legal services to you. In the course of your legal matter we collect the following personal information when you provide it to us:
- Identity Data, such as your name, marital status, title, date of birth, gender, job title and your employer,
- Contact Data, such as your home and work addresses, personal and work email addresses and personal and work telephone numbers,
- Document Data, such as copies of your passport, driving licence, utility bills, etc,
- Medical Data, including your physical and mental medical history, and details of any medical conditions,
- Third Party Data, namely Identity Data, Contact Data, Document Data and Medical Data relating to your family members, business colleagues and other contacts,
- Financial Data, such as bank account, salary and payment card details,
- Transaction Data, including details about payments to and from you, and other details of services you purchase from us,
- Technical Data, including IP addresses, your log-in data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website,
- Profile Data, such as your username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses,
- Usage Data, including information about how you use our website, products and services, and
- Marketing Data, such as your preferences in receiving marketing from us and our third parties, and your communication preferences.
We use your personal information primarily to enable us to provide you with the legal service in accordance with your instructions. We also use your personal information for related purposes including identity verification, administration of files, updating existing records if you have instructed the firm previously, analysis to help improve the management of the firm, for statutory returns and legal and regulatory compliance. These purposes include the prevention of money laundering or terrorist financing.
‘Special category’ data
- Information relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data is known as ‘special category’ data.
- During the course of providing you with legal services, we may collect ‘special category’ data about you, particularly if we prepare your will, advise you in relation to divorce proceedings, bring an employment or discrimination claim on your behalf, buy or sell a company with large number of employees, or bring certain types of court claims on your behalf.
We will only use ‘special category’ information:
- provided we have your explicit consent to use it,
- where we believe that we need to use that data to protect your vital interests where you are not able to provide us with your explicit consent,
- where it is necessary for reasons of substantial public interest,
- where you have previously made that data public knowledge,
- if we need to use that data to establish, exercise or defence legal claims, or
- where there is some other legal basis that allows us to use that information.
The information will be held in hardcopy and electronic format.
You are responsible for ensuring the accuracy of all the personal data you supply to us and we will not be held liable for any errors unless you have advised us previously of any changes in your personal data.
We will only take instructions from you or someone you authorised in writing. Where you are acting as an agent or trustee, you agree to advise your principal or the beneficiary of the trust that the personal information will be dealt with on these terms.
Other sources of data and who we share your data with
Depending on the nature of the service we provide, the lawful basis and purpose of processing, we may need to share your personal data with other parties (examples listed below). These parties are subject to data protection legislation and principles. We will usually have notified you of the sharing of your data with these parties. However, certain legislation may prevent us from doing so. Many of these parties both receive personal data from us and provide it to us:
- any other parties in relation to your legal matter to the extent we reasonably consider that it is appropriate or in your best interests for us to do so (including your professional advisers, the ‘other side’ and their professional advisers, witnesses, professional experts and foreign attorneys who assist us with providing specialist non-UK legal advice),
- institutions within the British legal system, such as courts and tribunals and the personnel working with them,
- official bodies such as Companies House, HM Land Registry, the Office of the Public Guardian and the General Register Office,
- HM Revenue & Customs, the Information Commissioner’s Office, the Solicitors Regulatory Authority, the Law Society, the Legal Ombudsman, the Legal Services Board, the National Crime Agency, the Serious Fraud Office and any other regulators and other authorities who require reporting of processing activities in certain circumstances,
- credit-reference and fraud prevention agencies to conduct appropriate anti-fraud or credit reference checks necessary to ensure our compliance with Anti-money laundering regulations,
- professional advisers and business networks with which we are connected,
- our outsourced IT services provider, OOSHA, together with providers of wi-fi, IT and system administration services to our business, and other online cloud and data-room providers,
- our professional advisers (including solicitors, barristers, bankers, auditors and insurers),
- our quality assurance assessors,
- business partners, suppliers and sub-contractors to the extent we consider it reasonably necessary for us to perform legal services,
- analytics and search engine providers that assist us in the improvement and optimisation of our website, and
- third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy.
- We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Through our research we may also obtain information from publicly-available databases, such as Companies House or details on a company website.
Furthermore, we will disclose your personal information:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about customers will be one of the transferred assets;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of our firm, our clients, or any other third parties.
On occasions we may ask other trusted companies to provide typing, costing photocopying or other support work on files to ensure that this work can be done promptly. We will always obtain a confidentiality agreement with these outsource providers to ensure that they keep the information sent to them securely and confidentially. All routine typing, costing and photocopying is undertaken in-house.
Transfers outside of the EEA
The firm will not transfer your data outside the European Economic Area.
If you fail to provide personal information.
If you fail to provide personal information when requested which is necessary for us to complete our Client Due Diligence obligations we may decline to act for you.
You will not be subject to decisions that will have a significant impact upon you based solely on automated decision-making.
The firm takes the security of your data seriously and has internal policies and controls in place to ensure that your data is not lost accidentally destroyed, misused or disclosed and is not accessed except by our employees in the proper performance of the duties in accordance with our Information Management and Security and Data Protection & Data Privacy policies. We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have a range of security measures concerning access to our offices and systems
We have put in place procedures to deal with any suspected security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Reasons we can legally collect and use your personal information.
We may use your personal information for a number of different purposes and for each purpose we must have a lawful basis for processing your personal data.
We may rely on the following lawful bases to collect and use your personal or sensitive personal data:
Consent: where you have given clear consent for us to process your personal data for a specific purpose.
Contract: where the processing is necessary for a contract you have with us.
Legal obligation: where the processing is necessary for us to comply with the law (not including contractual obligations).
Vital interests: where the processing is necessary to protect someone’s life.
Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the your personal data which overrides those legitimate interests.
How long does the firm keep data?
We will hold your personal data including your name address and contact details plus your file of papers for a period of time depending on the nature of your case. We will confirm this to you at the end of your case. After this period of time your file of papers including the electronic file will be destroyed confidentially without further reference to you unless we contact you to confirm other arrangements or you contact us to request your file of papers at an earlier date.
In order to meet our regulatory requirements we may be required to retain basic information about you to include your name address and date of birth on a electronic database for a longer period of time.
As a data subject, under certain circumstances, by law you have the right to:
- Request access to your personal information ( commonly known as a 'data subject access request'). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest) or those of the third party and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it .
- Request the transfer of your personal information to another party.
If you wish to review, verify, correct or request erasure of your personal information, object to the processing of your personal data or request that we transfer a copy of your personal information to another party, please contact the Data Security Manager in writing.
Mrs Lucy Cooling, Data Security Manager, Pickering Solicitors (Tamworth) Ltd, Etchell House, Etchell Court, Bonehill Road, Tamworth, Staffordshire, B78 3HQ or email email@example.com.
If you believe that the firm has not complied with your data protection rights, you can complain to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.
Last amended 17 August 2022