In this privacy notice the terms EMG Solicitors/EMG/we/our/us means EMG Solicitors Ltd.
Under the UK’s data protection regulations, you have the right to be informed about the collection and use of your personal data and we have legal responsibilities to tell you what we do with your data and how we keep your data safe.
WHO WE ARE
In terms of the GDPR, we are data controllers, bound by the UK’s data protection laws. This means that we determine the purpose and means for processing your personal data. We are registered as a data controller with the UK Information Commissioner’s Office (ICO) under registration number ZA065429.
Emma Gaudern is responsible for data protection within our company, please contact Emma if you have any queries about this privacy notice.
Post: Emma Gaudern, EMG Solicitors Ltd, Abbey House, Abbeywoods Business Park, Durham, DH1 5TH
Regardless of how we hold your personal data, you have the right to request a copy of the information that we hold about you. We also want to make sure that your personal information is accurate and up to date and you may ask us to correct or remove information which you think is inaccurate.
In certain circumstances you have a right to object to the processing of your personal information and can ask us to delete personal data that we hold about you, but this does not apply where we have a legal justification to continue processing your data or an overriding legitimate interest.
You have a right at any time to stop us from contacting you for marketing purposes. Please let us know by using the contact details above or by emailing firstname.lastname@example.org.
Please contact Emma Gaudern if you have any questions about information we hold about you.
What categories of personal information do we process?
Depending on why we are collecting your personal data, we may process your:
- Contact details (for example your name, telephone number and address)
- Vehicle registration
- Date of birth
- National insurance number
- Proof of identity documents, like your passport, driving licence, armed forces card, utility bills or bank statements
- Financial information like banking, tax, pay, pension and asset information
- Personnel information like absence, performance, employment history, training and qualification information
- Special categories of personal data, for example ethnicity, health related data or data relating to a child
How we keep your data secure
To help to prevent against unauthorised processing of your personal data, we run a paperless office – meaning we process your information digitally. We use firewalls and anti-virus software, our computers are encrypted and we use password protection access for all of our systems. We follow the government’s National Cyber Security Centre guidelines with regard to the safe storage of your data and password protection procedures. We also have the functionality to send and receive emails securely using an encrypted data transfer service. Please let us know if you would like to use this service in our correspondence with you.
Using third parties to process your personal data
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes unless they are required to determine how they process your data, for example, an occupational therapist would need to determine how they record and use your personal information to carry out their specific role, in these cases they are joint controllers of your information.
IF YOU ARE A POTENTIAL CLIENT OR LOOKING FOR INFORMATION OR ASSISTANCE
When you make an enquiry over the phone or through our enquiry email address, we take your contact details so that we can respond to your request. Our legal basis for processing your information is consent if you have voluntarily made contact with us, or contractual if we are processing your information in order to take steps, at your request, prior to entering into a contract.
We will retain the information collected at this point for one year before destruction of our records. If you contact us through our website there is a section below about how we manage personal data gathered from this medium.
On occasion we use a third party outsourced telephone answering service. We mainly use them to answer calls out of office hours, but in peak times the service may pick up a call. The provider will answer the call as if they were an EMG Solicitors Limited employee, taking your contact details and transferring the call as needs be in order for us to respond to your request for information.
IF YOU ARE A CLIENT
As a client, so that we can provide you with a legal service, we will ask and record personal questions about you. We will only process personal data which is necessary for the performance of our contract with you.
As a client we may be required to share your personal and sometimes sensitive information with:
- Regulatory authorities to comply with our legal obligations, like the Office of Financial Sanctions, The National Crime Agency, or the Solicitors Regulation Authority.
- Credit reference agencies to check your identity in accordance with our legal obligations.
- Property search companies to identify any issues that might influence your decision to buy or sell a property.
- Insurers, for the purpose of providing you with appropriate financial cover for an identified insurable risk, or in connection with any claim made by you against us.
- Property agents, brokers, lenders, and other solicitors involved in your transaction representing other party(ies) in your matter, to enable them and us to fulfil our obligations to you.
- Other government departments such as HMRC, Companies House, HM Probate Registry, the Court of Protection or HM Land Registry to fulfil your and our legal obligations.
- Experts and barristers required to work on your matter.
- Case managers, tradesmen, therapists, carers, property agents, brokers, lenders, banks, and other solicitors employed as a result of Court appointed deputyships and trusts.
- Our auditors and external assessment bodies to achieve and maintain any regulatory or quality assurance standards and accreditations which meet our legal obligations and enable us to provide legal services to you.
Generally, our legal basis for processing your information is contractual, but we also process your information to comply with our legal requirements. For example, to prevent against money laundering, terrorist financing or financial crime, we may also be obliged to disclose information by court order.
If we have been appointed by the Court of Protection to the role of deputy, we are legally responsible for acting and making decisions on behalf of a person who lacks capacity to make those decisions for themselves. In this case, our legal basis for processing your information is to exercise the official authority vested in the deputy and to protect your vital interests (or the vital interests of another person).
As a client we will retain your personal information in accordance with applicable laws and for no longer than we need for the purpose for which we hold your data. After the retention period we will destroy all data. We must, by law destroy all photographic identity documents after a ten year retention period. All other remaining personal data will be destroyed after a 15 year retention period from file closure. However, if your file relates to a Will, probate or Court of Protection matter, then the file will be destroyed 80 years from file closure, and if the file relates to a commercial property lease then we retain the file for the lease term plus one year.
From time to time we would like to send you information about the services that EMG Solicitors Limited offer, using your contact information. Our legal basis for processing this information will be either direct consent or legitimate interest. As an example, if there has been a change in law relating to your matter we might contact you and our legal basis for doing so would be your legitimate interest.
IF YOU HAVE APPLIED FOR A JOB WITH US
We will ask you for your contact details and work-related history so that we can carry out our recruitment process, inviting you to interview. We may also collect information about you by reference or word of mouth, for example, you may be recommended by a friend or former colleague. Our legal basis for processing your information is a legitimate interest in finding a work opportunity within our firm, and also in order to gather information about you prior to entering into a contract.
We will hold your contact details, work history and interview notes for one year if you are unsuccessful in the selection process, and for 6 years after our contract is terminated if we enter into a contract of employment.
IF WE EMPLOY YOU
When you start to work for us, we ask for your personal data so that we can carry out the terms within our contract of employment, for example, we ask for your bank details to pay your salary. Our legal basis for processing your data is contractual.
We also have legal requirements to report tax information to the HMRC, and have a duty to make reports to the Solicitors Regulation Authority (SRA). Our legal basis for processing this information is our legal obligations.
So that we can carry out our duty of care, we may share your personal data internally with management and first aiders, or externally, with, for example, paramedics. Our legal basis for processing your information for this purpose is protecting your vital interests. We use third party suppliers to carry out business functions which we outsource for example, IT support, financial advisor, HR consultant, pension provider and payroll provider. We only share data necessary for the third party to perform their function and obtain a copy of their own privacy notice or a confidentiality agreement for assurance that they process your data in line with the UK’s data protection regulation.
We store your information for the duration of your employment plus 6 years after our contract is terminated.
IF YOU ARE A THIRD PARTY SUPPLIER
We take your contact details so that we can enter into a mutual agreement and make payment for your services, reporting to HMRC as required. Our legal basis for processing your information is contractual and also to comply with our legal obligations.
We may use your contact information to invite you to attend one of our specialist seminars or events if we think there is a legitimate interest in the subject matter.
If our contract terminates then we will keep your personal details on record until we destroy the data after a 6 year period from termination of contract.
IF YOU ARE A DELEGATE AT ONE OF OUR HOSTED EVENTS
If you sign up to one of our events, we take your contact details to provide you with event details, our legal basis for processing your information is to carry out our contractual terms.
We may share your contact details with an outsourced event planning company so that they can arrange table seating.
We may also use this contact information to send out invitations to any future events which you might like to attend, or if you have directly requested this information.
We will destroy your personal data if you have not made contact with us for 5 years.
IF YOU VISIT OUR OFFICES
We use CCTV to provide a safe and secure environment for staff and visitors, for the prevention, identification and reduction of crime, to prevent the loss or damage to EMG Solicitors’ or visitors’ property and protect against data security breaches.
We consider the expectations of privacy in the areas where we have installed CCTV and in addition there is no sound functionality.
We record images accessible only by directors and senior management, the data is erased according to our CCTV policy which is available upon request. Monitoring will only be used for wellbeing and security purposes stated above unless it leads to the discovery of a health and safety breach. We display signs to alert people where the cameras are.
IF YOU ARE A VISITOR TO OUR WEBSITE
Our website is operated by EMG Solicitors Ltd, and we use a third party to host and maintain the live chat service.
We collect information about you when you voluntarily complete our enquiry form, send us a message or contact us by any other means of communication. By voluntarily making contact with us, the legal basis for processing your information is consent.
We will destroy your personal data which we hold from your website enquiry after one year.
Automated decision-making or profiling
Cookies on our Website
Most web browsers automatically accept cookies. You can set your browser not to accept cookies and the Google Analytics website will tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
The electronic systems on our website are protected through the use of firewalls and anti-virus software. All data is further protected and held securely. However, we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
DATA PROTECTION REGISTRATION
Data protection law in the UK is regulated by the ICO. We are accountable to the ICO in relation to all of our personal data processing activities. You have the right to make a complaint to the ICO using the following methods:
• On line at: https://ico.org.uk/make-a-complaint
• In writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• By telephone on: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
CHANGES TO OUR PRIVACY NOTICE