The General Data Protection Regulation (GDPR) has introduced considerable changes to the information that organisations must provide to individuals in respect of how they use and store personal information and data. You will rightly expect A Halsall & Co to respect and treat your personal data with care, diligence and security.
To perform our role as your legal advisor, we will collect certain information about you to help us in the matter which you have instructed us to handle. We will not share any sensitive or confidential personal information or data or sell personal information to any third party without your written consent.
Data Protection Officer
Carl Horstman, who is a partner at the firm’s Birkenhead Head Office, is the firms’ appointed Data Protection Officer for the purposes of the General Data Protection Regulation. He will oversee the firm’s internal policies which govern how we collect, use, share and protect your personal information and data to ensure that your rights are not adversely effected or prejudiced in any way. If you have any queries regarding your data, Mr Horstman can be contacted either by telephone on 0151 647 6323; by email at ch@halsalls.co.uk; or by correspondence addressed to 17 Brandon Street Birkenhead Wirral CH41 5HN.
How we collect your personal information and data
During our professional relationship with you we will collect information that enables us to assist with your affairs and provide legal advice in accordance with our engagement letter and Terms and Conditions of Business which will be sent at the outset of your case. The information we collect will be taken from you either by way of verbal instructions in a face-to-face meeting, over the telephone, or by way of administrative forms we may ask you to complete. The data we collect will be stored on a paper file and electronically on our internal computer systems and server. Our server system is backed up on a Cloud based facility.
What personal information will we collect about you?
The information we ask for will differ depending on the nature of the transaction. The following are examples:-
- Your information: name, date of birth, correspondence and email addresses, telephone number, N. I. number, details of any property or properties you own or, if we are representing a company, the company’s Unique Tax Reference Number, Company Registration Number or VAT reference;
- Identification evidence, which may include your Passport, Driving Licence, a utility bill or bank statement as required by the Money Laundering Regulations;
- Your signature;
- Your bank account details including the name of your bank, sort code and account number;
- Other details which you may share with us.
How do we use or share your personal information?
A Halsall & Co will use your personal information for the following purposes:-
- To complete the transaction at hand. If a property related transaction this will include providing any estate agent, solicitor, mortgage broker/financial advisor or mortgage lender with general updates regarding progress of your matter.
- To provide you with all required legal advice and assistance;
- Recording our communications in the form of written notes and written or emailed correspondence;
- Facilitating payments to your bank account;
- Submitting information to HM Revenue & Customs, Welsh Revenue Authority, Companies House, the Office of the Public Guardian, Court of Protection or other Government bodies in relation to your case, which includes, as an example, Stamp Duty;
- Land Tax and Land Transaction Tax filing requirements and Inheritance Tax submissions.
In matrimonial or family law matters, we may need to provide information to third parties such as:
- HM Treasury Courts & Tribunal Services;
- Dispute or mediation resolution service providers;
- Barristers;
- Surveyors;
- or pension actuaries;
- Protect both of our interests;
- As part of our professional services, we have contractual relationships with external service providers. For instance: a company to shred sensitive documentation or old files; IT support staff to assist with our website and information technology systems; cleaning contractors who access our office premises. We ensure that such contractors enter in to a contract with us which places legal obligations on those parties not to access or share your personal information in any way;
- Complying with our legal and statutory obligations, including requests for information form regulatory bodies and law enforcement agencies if there is any suspicion of fraud or money laundering.
How do we keep your personal information safe?
We take a number of steps in our efforts to keep your personal information and data protected and secure. Amongst other measures, we perform an annual risk assessment audit to ensure our internal procedures are robust and that our relationship with external service providers complies with GDPR. Our information technology systems are well maintained and virus protected, and we have a firewall system installed. All staff are trained and aware of the sensitive nature of your data and the requirements we must abide by to keep your data safe and secure. Our business premises are kept secure at all times.
We have reporting obligations and should there be any unauthorised, material disclosure of your personal data, the breach must be reported to the Data Protection Officer and logged, to you and to the Information Commissioner’s Office (ICO). If a material breach, the firm can be subject to financial sanction by the ICO.
How may a breach of your personal information or data occur?
We will never knowingly unlawfully disclose your personal information or data. There would be a breach if personal data is lost, destroyed, corrupted or disclosed; If someone accesses the data or passes it on without proper authorisation or if the data has been made unavailable through some form of cybercrime or hacking, or has been lost or unlawfully destroyed. Examples of such breaches may include:
- Your data or information being accessed by an unauthorised third party. This would include access by way of hacking or cybercrime;
- Deliberate or accidental action (or inaction) by a member of the firm or one of the external service providers who may come in to contact with your data;
- Sending personal data to an incorrect recipient;
- Computer or mobile phone devices, or your file of papers containing personal information being lost or stolen. Please do be aware that we does not currently undertake any work on external computer or mobile phone devices and will not ordinarily take your file of papers away from office premises;
- Alteration of your personal information without your permission;
- Loss of availability of your personal data.
What rights do you have with regard to your personal information and data?
You have the right to:-
- Request copies of any personal information we hold or your original file. If you do request your original file, we are required, for professional purposes, to retain a full and complete copy of your file. We do, therefore, reserve the right to pass a reasonable administration charge on to you in such circumstances to cover the cost of our time and photocopying expenses. If you do wish to request any personal information which we hold, you must make your request in writing to the Data Protection Officer providing the reason why you require your personal information to be sent to you (including the words “General Data Protection Regulations Request” in the heading of your letter;
- Request the correction, deletion or removal of your personal information, request that disclosure of your personal information be restricted in a certain way or to object to us using your personal data. Please do be aware that if any such request prevents us from carrying out our role in relation to the transaction at hand, we may not be able to continue to act for you;
- Request that your personal data is transferred to another organisation in a machine readable form;
- Complain to us if you believe your privacy rights have been breached or violated or you have suffered any loss or inconvenience as a result of unlawful disclosure or processing your personal information;
- Complain to the Information Commissioner’s Office (ICO) if you believe your privacy rights have been breached or violated in any way or you have suffered any loss or inconvenience as a result of us having unlawfully disclosed or processed your personal information.
Processing data outside the United Kingdom
We do not currently process any data or personal information outside the UK and is unlikely to do so in future. However, our Cloud based server system is backed up by a provider who is currently based in Ireland.
How long will we keep your information for?
All solicitors’ practices are bound by professional rules and indemnity insurance requirements in respect of how long we are obliged to keep records of our professional relationship with you. The minimum period of time is 6 years from conclusion of your case. However, in order to ensure that both your and our interests are fully protected, we will keep records as follows:-
- If we acted for you in relation to the sale of a freehold property, we will keep your file of papers for 7 years. After that 7 year period has elapsed, we will take steps to shred and destroy your hard copy paper file. We will also remove any electronic file held on our computer systems by deleting it from our computers and our server;
- If we represented you in respect of a purchase of either a residential or commercial property or the grant of a lease, the re-mortgage of a residential or commercial property or the sale of a leasehold property, we will keep your file of papers for 15 years. After that 15 year period has elapsed, we will take steps to shred and destroy your hard copy paper file. We will also remove any electronic file held on our computer systems by deleting it from our computers and our server;
- If you instructed us to prepare a Will, Lasting Power of Attorney, or in a Probate or estate administration matter, or matrimonial proceedings, we will keep your file of papers for 15 years. After that 15 year period we will take steps to shred and destroy your paper file. We will also remove any electronic file held on our computer systems by deleting it from our computers and our server;
Should we be instructed by you to store title deeds, original Wills, Grants of Probate or Lasting Powers of Attorney, we will not take any steps to destroy original documents of that nature.
Making a complaint regarding your personal information or data
We are confident you will have no cause to raise any concern or complaint regarding the use of your personal information or data. In the unlikely event that you do have any concern, we would be grateful if you could:-
-
- Raise your concerns with the solicitor acting on your behalf. Contact information for your solicitor will have been supplied to you in our opening communications;
- Contact the Data Protection Officer (Carl Horstman) – contact details are recorded above;
- Should you not be satisfied with either of the two above-mentioned solutions contact the Information Commissioner’s Officer in one of the following manners: Online at https://ico.org.uk; by email at casework@ico.org.uk; or by telephone on 0303 123 1113.