GDPR

25th May 2018

For the purposes of the General Data Protection Regulations (GDPR) we will be a ‘data controller’ and ‘data processor’ in respect of any personal information and data we hold about you. This policy is intended to set out our standards of confidentiality when we collect, use and disclose to others any such personal information while providing you with legal advice, representation and other services. We have appointed a Data Protection Officer (DPO). If you have any problems or complaints relating to this policy please contact our DPO 47 Hewell Road Barnt Green B45 8NL or call him on 0121 447 8088, or email him at vikas@sehdevalaw.com. If you remain dissatisfied, you may lodge a complaint with the Information Commissioner’s Office (ico.org.uk). This policy is subject to change from time to time.

Who

This policy applies to everyone from whom we collect and process personal information including, but not limited to, our clients, our referrers of work, barristers and expert witnesses/consultants we employ, other solicitors and their clients or people acting in person, the courts or tribunals, mediators, our regulators, insurance companies, cost draftsmen/lawyers, accountants, auditors In addition, the employees of all such entities.

What

We are a multi-service law firm and it would not be possible to list every type of personal information we gather during our business relationships and which are necessary for us to deliver our services. Some of the categories of data we collect include, but are not limited to, contact data (addresses, email addresses, telephone numbers), Identity data (names, marital status, date of birth, gender, NI number, family relationships, employment status, job title), Financial data (bank accounts, credit and debit card details, business accounts, salary), Transaction data (retainers, contracts, deeds and documents, evidence, photographs, diary entries, emails records), Medical data (records, reports).

Where

The data we receive comes from many sources including, but not limited to, our direct interactions with our clients, contacts, introducers. It is kept in paper files within the filing system, practice and case management systems, Word, Excel, Outlook and other document management systems, audit records, sub-contractor registers, management records, complaints and claims registers. We may transfer data out of the EU where there was an international legal transaction or court action requiring that transfer.

How

We use personal data to the extent we are lawfully allowed to including, but not limited to, contractual obligations with clients and third parties(providing advice and services, billing, internal registers and records), where it is in our legitimate interest (or those of a third party) to do so ( allowing access to our files for audit by regulators, quality assurance, accountants, business partners, or prospective associates, conducting satisfaction surveys), where we need to comply with a legal or regulatory obligation (such as the Solicitors Regulation Authority, the Legal Ombudsman, or under our anti-money laundering obligations), or, rarely, where we have received consent to use that data. Where we process special categories of personal data it will be in respect of your legal case only and will be done under Article 9 (2), although not limited to these exceptions, with your explicit consent, or where it is necessary for the establishment, exercise or defence of legal claims on your behalf. This might be done by mail, email, telephone, fax or other communication media.

With whom

We only share personal information where we are reasonably certain that the data will protected. The categories of people and organisations that we might share data with include, but are not limited to, internal third parties (consultants, contractors, agents, lawyers and employees from other offices, or companies within a Group of companies), External third parties (barristers, experts, outsourced IT and other service providers, professional advisers, regulators and other UK authorities, fraud prevention agencies, satisfaction survey companies), External businesses ( negotiate for sale, transfer or merger of all or part of our business).

Security

We are committed to data security and have put in place reasonable physical, electronic and managerial security measures to protect personal data we hold and prevent it being lost, stolen, or used in unauthorised ways. We have procedures to deal with any data breaches and will notify you and our regulator where we are legally required to do so.

How long

We will hold personal data, whether in electronic or paper form for as long as necessary to fulfil the purposes we collected it for but for a minimum of 7 years after it was collected.

Legal rights

We recognise the rights of individuals under the data protection laws where we process their data. They may request a copy of the data we hold, object to our processing of the personal data or request restriction of our processing of the data, request correction of data, request erasure or transfer of the personal data, and withdraw consent to processing. You should not have to pay a fee to exercise any of these rights unless the request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in those circumstances.

We try to respond to all legitimate requests within one month