In this privacy notice the terms EMG Solicitors/EMG/we/our/us means EMG Solicitors Ltd. Under the UK’s data protection regulations, you have the right to be informed about the collection and use of your personal data and we have legal responsibilities to tell you what we do with your data and how we keep your data safe.
WHO WE ARE
In terms of the GDPR, we are data controllers, bound by the UK’s data protection laws. This means that we determine the purpose and means for processing your personal data. We are registered as a data controller with the UK Information Commissioner’s Office (ICO) under registration number ZA065429.
Emma Gaudern is responsible for data protection within our company, please contact Emma if you have any queries about this privacy notice.Email: [email protected] Post: Emma Gaudern, EMG Solicitors Ltd, Abbey House, Abbeywoods Business Park, Durham, DH1 5TH
Regardless of how we hold your personal data, you have the right to request a copy of the information that we hold about you. We also want to make sure that your personal information is accurate and up to date and you may ask us to correct or remove information which you think is inaccurate. In certain circumstances you have a right to object to the processing of your personal information and can ask us to delete personal data that we hold about you, but this does not apply where we have a legal justification to continue processing your data or an overriding legitimate interest.
You have a right at any time to stop us from contacting you for marketing purposes. Please let us know by using the contact details above or by emailing [email protected] Please contact Emma Gaudern if you have any questions about information we hold about you.
What categories of personal information do we process?
Depending on why we are collecting your personal data, we may process your:
– Contact details (for example your name, telephone number and address)
– Vehicle registration
– Date of birth
– National insurance number
– Proof of identity documents, like your passport, driving licence, armed forces card, utility bills or bank statements
– Financial information like banking, tax, pay, pension and asset information
– Personnel information like absence, performance, employment history, training and qualification information
– Special categories of personal data, for example trade union association, ethnicity, health related data or data relating to a child
– Digital footprint, for example IP address
– Video recording and or live broadcasting though web streaming services
– Video recording through CCTV at the branch offices
How we keep your data secure
To help to prevent against unauthorised processing of your personal data, we run a paperless office – meaning we process your information digitally. We use firewalls and anti-virus software, our computers are encrypted and we use password protection access for all of our systems. We follow the government’s National Cyber Security Centre guidelines with regard to the safe storage of your data and password protection procedures. We also have the functionality to send and receive emails securely using an encrypted data transfer service. Please let us know if you would like to use this service in our correspondence with you.
Using third parties to process your personal data
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes unless they are required to determine how they process your data, for example, an occupational therapist would need to determine how they record and use your personal information to carry out their specific role, in these cases they are joint controllers of your information. Please note that our website, www.emgsolicitors.com and other digital platforms may contain links to third party websites / digital platforms which are provided for your convenience. We are only responsible for the privacy practices and security of our own digital platforms and therefore we recommend that you check the privacy and security policies of each and every other website / digital platform that you visit.
IF YOU ARE A POTENTIAL CLIENT OR LOOKING FOR INFORMATION OR ASSISTANCE
When you make an enquiry over the phone or through our enquiry email address, we take your contact details so that we can respond to your request. Our legal basis for processing your information is consent if you have voluntarily made contact with us, or contractual if we are processing your information in order to take steps, at your request, prior to entering into a contract.
We will retain the information collected at this point for one year before destruction of our records. If you contact us through our website there is a section below about how we manage personal data gathered from this medium.
On occasion we use a third party outsourced telephone answering service. We mainly use them to answer calls out of office hours, but in peak times the service may pick up a call. The provider will answer the call as if they were an EMG Solicitors Limited employee, taking your contact details and transferring the call as needs be in order for us to respond to your request for information.
IF YOU ARE A CLIENT
As a client, so that we can provide you with a legal service, we will ask and record personal questions about you. We will only process personal data which is necessary for the performance of our contract with you.
As a client we may be required to share your personal and sometimes sensitive information with:
– Regulatory authorities to comply with our legal obligations, like the Office of Financial Sanctions, The National Crime Agency, or the Solicitors Regulation Authority.
– Credit reference agencies to check your identity in accordance with our legal obligations.
– Property search companies to identify any issues that might influence your decision to buy or sell a property.
– Insurers, for the purpose of providing you with appropriate financial cover for an identified insurable risk, or in connection with any claim made by you against us.
– Property agents, brokers, lenders, and other solicitors involved in your transaction representing other party(ies) in your matter, to enable them and us to fulfil our obligations to you.
– Other government departments such as HMRC, Companies House, HM Probate Registry, the Court of Protection or HM Land Registry to fulfil your and our legal obligations.
– Experts and barristers required to work on your matter.
– Case managers, tradesmen, therapists, carers, property agents, brokers, lenders, banks, and other solicitors employed as a result of Court appointed deputyships and trusts.- Our auditors and external assessment bodies to achieve and maintain any regulatory or quality assurance standards and accreditations which meet our legal obligations and enable us to provide legal services to you.
Generally, our legal basis for processing your information is contractual, but we also process your information to comply with our legal requirements. For example, to prevent against money laundering, terrorist financing or financial crime, we may also be obliged to disclose information by court order.
If we have been appointed by the Court of Protection to the role of deputy, we are legally responsible for acting and making decisions on behalf of a person who lacks capacity to make those decisions for themselves. In this case, our legal basis for processing your information is to exercise the official authority vested in the deputy and to protect your vital interests (or the vital interests of another person).
As a client we will retain your personal information in accordance with applicable laws and for no longer than is necessary to:
- carry out services for your matter,
- respond to any questions, complaints or claims made by you or on your behalf and
- to keep records required by law to comply with our legal obligations and our duties to the regulator
Further information about the actual retention period will be provided to you when your matter concludes. After the retention period we will destroy all data.
From time to time we would like to send you information about the services that EMG Solicitors Limited offer, using your contact information. Our legal basis for processing this information will be either direct consent or legitimate interest. As an example, if there has been a change in law relating to your matter we might contact you and our legal basis for doing so would be your legitimate interest.
IF YOU HAVE APPLIED FOR A JOB WITH US
We will ask you for your contact details and work-related history so that we can carry out our selection process prior to inviting you to interview. We may also collect information about you by reference or word of mouth, for example, you may be recommended by a friend or former colleague. Our legal basis for processing your information is a legitimate interest in finding a work opportunity within our firm and you consent to the processing of your data when you make an application.
We will hold your contact details, work history and interview notes for one year if you are unsuccessful in the selection process, and for 6 years after our contract is terminated if we enter into a contract of employment.
We use third party suppliers to collate information throughout the recruitment process. We only share data necessary for the third party to perform their function and obtain a copy of their own privacy notice or a confidentiality agreement for assurance that they process your data in line with the UK’s data protection regulation.
IF WE EMPLOY YOU
When you start to work for us, we ask for your personal data so that we can carry out the terms within our contract of employment, for example, we ask for your bank details to pay your salary. Our legal basis for processing your data is contractual.
We also have legal requirements to report tax information to the HMRC, and have a duty to make reports to the Solicitors Regulation Authority (SRA). Our legal basis for processing this information is our legal obligations.
So that we can carry out our duty of care, we may share your personal data internally with management and first aiders, or externally, with, for example, paramedics. Our legal basis for processing your information for this purpose is protecting your vital interests.
We use third party suppliers to carry out business functions which we outsource for example, IT support, financial advisor, HR consultant, pension provider and payroll provider. We only share data necessary for the third party to perform their function and obtain a copy of their own privacy notice or a confidentiality agreement for assurance that they process your data in line with the UK’s data protection regulation.
We store your information for the duration of your employment plus 6 years after our contract is terminated.
IF YOU ARE A THIRD PARTY SUPPLIER
We take your contact details so that we can enter into a mutual agreement and make payment for your services, reporting to HMRC as required. Our legal basis for processing your information is contractual and also to comply with our legal obligations.
We may use your contact information to invite you to attend one of our specialist seminars or events if we think there is a legitimate interest in the subject matter.
If our contract terminates then we will keep your personal details on record until we destroy the data after a 6 year period from termination of contract.
IF YOU ARE NOT A CLIENT BUT COMPLAIN TO US
If you are not a client of ours but you complain to us about how we have processed your personal information or you seek to exercise a data protection right such as a data subject access request, we will retain details of your complaint or request. We will only use the personal information we collect to process the complaint or request, to audit the level of service we have provided and to provide information to our insurers or regulator.
We will keep information in connection with the complaint or request in line with our retention policy. In most cases this means we will retain the information for six years.
IF YOU ARE A DELEGATE AT ONE OF OUR HOSTED EVENTS
If you sign up to one of our events, we take your contact details to provide you with event details, our legal basis for processing your information is to carry out our contractual terms.
We may share your contact details with an outsourced event planning company so that they can arrange table seating.
We may also use this contact information to send out invitations to any future events which you might like to attend, or if you have directly requested this information.
We will destroy your personal data if you have not made contact with us for 5 years.
If you are a speaker at our meetings you may be audio and video recorded and/or live broadcasted through web streaming. Each speaker is contacted to agree on the collection and on the processing of your personal data and on the publication of the audio and video recordings and/or web streaming. We will destroy the audio and video recordings within one year of recording.
IF YOU VISIT OUR OFFICES
We use CCTV to provide a safe and secure environment for staff and visitors, for the prevention, identification and reduction of crime, to prevent the loss or damage to EMG Solicitors’ or visitors’ property and protect against data security breaches.
We consider the expectations of privacy in the areas where we have installed CCTV and in addition there is no sound functionality.
We record images accessible only by directors and senior management, the data is erased according to our CCTV policy which is available upon request. Monitoring will only be used for wellbeing and security purposes stated above unless it leads to the discovery of a health and safety breach. We display signs to alert people where the cameras are.
IF YOU DIGITALLY SIGN A DOCUMENT
We use a third party service to send and receive documents for digital signing, part of this process is to record all signees digital footprint, this provides a secure audit of the signing process. All data with the third party is purged on a regular basis and kept for no longer than is necessary.
IF YOU ARE A VISITOR TO OUR WEBSITE
Our website is operated by EMG Solicitors Ltd, and we use a third party to host and maintain the live chat service. We collect information about you when you voluntarily complete our enquiry form, send us a message or contact us by any other means of communication. By voluntarily making contact with us, the legal basis for processing your information is consent. We will destroy your personal data which we hold from your website enquiry after one year.
Cookies can be first party or third-party cookies.
• First party cookies – cookies that the website you are visiting places on your device.
• Third party cookies – cookies placed on your device through the website but by third parties, such as, Google.
We use the following cookies on our website:
• Strictly necessary cookies. These cookies are essential in order to enable you to move around our website and use its features. Without these cookies, Services you have asked for cannot be provided. They are deleted when you close the browser. These are first party cookies.
• Performance cookies. These cookies collect information in an anonymous form about how visitors use our website. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it and the approximate regions that they are visiting from. These are first party cookies.
• Functionality cookies. These cookies allow our website to remember choices you make (such as your username, language or the region you are in, if applicable) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. These are first party cookies.
• Targeting or advertising cookies. These cookies allow us and our advertisers to deliver information more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns. They remember that you have visited our website and may help us in compiling your profile. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.
• Social Media cookies. These cookies allow you to connect with social media networks such as LinkedIn and twitter. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.
For information on how Google uses data from cookies it uses, please visit www.google.com/policies/privacy/partners/
COOKIE CONSENT AND OPTING OUT
We assume that you are happy for us to place cookies on your device. Most Internet browsers automatically accept cookies. However, if you, or another user of your device, wish to withdraw your consent at any time, you have the ability to accept or decline cookies when you visit our webpage. If you choose to decline cookies, you will not be able to fully experience the interactive features of our website, our platforms and Services.
When you arrive on our website a pop-up message will appear asking for your consent to place cookies on your device. In order to provide your consent, please click ‘ok’. Once your consent has been provided, this message will not appear again when you revisit. If you, or another user of your device, wish to withdraw your consent at any time, you can do so by clearing your cookie data in your browser settings and your browsing permission for collecting cookie data will be reset. The next time you visit our website you will be asked once more to accept or decline cookies when you visit our webpage. For more information please visit www.allaboutcookies.org and http://www.youronlinechoices.com/uk/.
To clear cookies that have previously been placed on your browser, you should select the option to clear your browsing history and ensure that the option to delete or clear cookies is included when you do so.
The electronic systems on our website are protected through the use of firewalls and anti-virus software. All data is further protected and held securely. However, we cannot guarantee the security of any data you disclose online. You accept the inherent security risks of providing information and dealing online over the internet and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
DATA PROTECTION REGISTRATION
Data protection law in the UK is regulated by the ICO. We are accountable to the ICO in relation to all of our personal data processing activities. You have the right to make a complaint to the ICO using the following methods:
• On line at: https://ico.org.uk/make-a-complaint
• In writing to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• By telephone on: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
CHANGES TO OUR PRIVACY NOTICE