Michael Smith & Co Solicitors Privacy Notice
This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
For clients of this firm, you should read this notice alongside our general terms and conditions which provide further information on confidentiality, data privacy etc.
This notice does not apply to any websites that may have a link to ours.
Who we are
Data is collected, processed and stored by Smith & Co Solicitors; and we are what is known as the ‘data controller’ of the personal information you provide to us.
Smith & Co Solicitors is a partnership, authorised and regulated by the Solicitors Regulation Authority under number 622582.
Smith & Co Solicitors is registered with the Information Commissioner’s Office under registration reference Z9572986. Our Data Protection Officer is Vicky Hosking who can be contacted by email at firstname.lastname@example.org
Our website and services are not aimed specifically at children because in legal work children are generally represented by their parent or guardians. If you are a child and need further advice or explanation about how we would use your data, please email email@example.com
What we need
The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. This notice is intended for clients and prospective clients only.
Under the General Data Protection Regulation 2018 (GDPR) there are two types of personal data (personal information) that you may provide to us:
In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks. However some of the work we do may require us to ask for more sensitive information.
Sources of information
Information about you may be obtained from a number of sources including:
Why we need it
The primary reason for asking you to provide us with your personal data is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.
The following are some examples, although not exhaustive, of what we may use your information for:
Providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions
Who has access to it
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within Smith & Co Solicitors. However there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:
In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
How do we protect your personal data
We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.
We have high standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
We use computer safeguards such as firewalls and data encryption and annual penetration testing; and we enforce, where possible, physical access controls to our buildings and files to keep data safe.
How long will we keep it for
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfill the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
Probate matters where there is a surviving spouse or civil partner may be retained until the survivor has died in order to deal with the transferable Inheritance Tax allowance
How we collect personal data
The following are examples, although not exhaustive, of how we collect your personal information:
Whenever we collect your personal data, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to this will have no effect on accessing our legal services.
Information we receive from other sources
Your personal data may be stored in different places, including within our IT systems and our Data Processor’s systems, on our premises and within our storage facilities.
How we may use your details
The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:
We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers.
You have the right to object to this processing. Should you wish to do so please email firstname.lastname@example.org
If you do not wish us to continue to contact you in this way, you can either follow the unsubscribe instructions on any of our communications to you or contact us by emailing email@example.com with your name and email address. Your details will be removed immediately. Once unsubscribed, you may still receive transactional emails from us regarding your legal case.
Transferring personal data outside the European Economic Area
Smith & Co may on occasion transfer your personal data to countries outside the European Economic Area (EEA). Where there is an adequacy decision by the European Commission in respect of those countries. This means that the countries to which we transfer your personal data are deemed to provide an adequate level of protection for your personal data.
We will take the appropriate steps required by applicable data protection laws to ensure your personal data is protected by either
What are your rights?
Under GDPR as a Data Subject, you have a number of statutory rights. Subject to specific conditions, and in certain circumstances, you have the right to:
If you wish to make a request, please do so in writing addressed to our Data Protection Officer Vicky Hosking or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. This means that a Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.
Complaints about the use of personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Vicky Hosking and you can contact them at firstname.lastname@example.org
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
If you choose not to provide or update personal data
If you do not provide certain information requested we may not be able to provide you with Smith & Co products or services and we may not be able to comply with our legal obligations, such as verifying your identity and complying with anti-fraud and anti-money laundering rules.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes.
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
Change of purpose
We will only use your personal data for the purposes for which we collect and retain it. If we need to use your personal data for a purpose other than that for which it was collected, we will provide you with information about the new purpose prior to that further processing. You may request the legal basis which allows us to process your personal data for the new purpose at any time.
How do we collect your personal data?
We may collect personal data about you in a variety of ways. This may include data collected during our work, or proposed work for you, either directly from you or sometimes from an Introducer or other Data Subject such as an employer or business partner. We may also collect personal data from other external third parties, such as references from former advisers, information from background checks and identity check providers, information from credit reference agencies and information from Companies House.
You may choose to provide us with your personal data
Changes to this Privacy Notice
Smith & Co reserves the right to update or amend this Privacy Notice at any time. We will publish a new Privacy Notice when we make significant updates or amendments.
Any questions regarding this notice and our privacy practices should be sent by email to email@example.com