This Privacy Policy should be read and construed in conjunction with the client care letter and Terms of Business which accompanies or refers to them.
We are committed to protecting the privacy and security of your personal information and the personal information you provide to us on behalf of others, for example on child-related matters. References to “you” in this policy are also references to third parties on behalf of which you specifically instruct us. This Privacy Notice sets out:
a) The kind of information we hold about you
b) When we will use the information we hold;
c) Who we may share your personal data with and why;
d) How we store your personal data;
e) How long we store your personal data;
f) Your rights as a data subject. ;
This Privacy Policy describes how we collect and use personal data about you during and after the delivery of our services, in accordance with the General Data Protection Regulation (“GDPR”).
Southgate Solicitors is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Privacy Policy.
This notice applies to current and future clients of Southgate Solicitors. This notice does not form any part of any contract to provide services. We may update this notice at any time.
We will comply with data protection law. This says that the personal information we hold about you must be:a) Used lawfully, fairly and in a transparent way;
b) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
c) Relevant to the purposes we have told you about and limited only to those purposes;
d) Accurate and kept up to date;
e) Kept only as long as necessary for the purposes we have told you about;
f) Kept securely.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The following categories of personal data that we collect, store, and use include, but are not limited to:
a) personal contact details such as your name, title, addresses, telephone numbers, and personal email addresses;
b) date of birth;
c) gender;
d) proof of identity documents, including passports, which indicate your national identity and/or driving licenses;
e) proof of your address.
We collect the data described in 3.2 upon your instruction of us to provide our services to you. The data will be sent from you, or an agent on your behalf.
We may collect additional personal data in the course of providing our services throughout the period during which we are instructed by you. This may include, but is not limited to:
a) financial information relating to you, and if relevant, your business(es);
b) employment records (including job titles, work history, professional memberships);
c) further data and information relating to your matter or matters, including information relating to businesses involved in your matter or matters;
d) any other information that may contain personal data that is necessary for us to provide you with our services.
We will use the personal data described in clause 3.2 to comply with our legal obligation to the Solicitors Regulation Authority. We will also use this data to identify you and contact you throughout the course of contract to provide our services.
We will use the additional personal data described in clause 3.4 to fulfil the contract to provide our services to you.
We may use your personal data in other circumstances when the law allows us to. This may occur in the following circumstances:
a) Where it is necessary to comply with other legal, accounting, reporting or regulatory obligations;
b) Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
c) Where we need to protect your interests (or somebody else’s interests);
d) Where it is needed in the public interest or for official purposes.
Notwithstanding the confidentiality clause 18 in our Terms of Business, we will be entitled to pass on information to third parties which may contain personal data where required by law, where it is necessary to administer the contract we hold with you or where we have another legitimate interest in doing so.
We have ensured that every third party that we may have to pass your personal data to has a duty to us to ensure secure data processing in line with the GDPR. Where any transfer is made to a country outside of the EEA and the European Commission has not made an adequacy decision in relation to the laws of that country we will ensure that appropriate safeguards are in place prior to any transfer of your data. Those safeguards are likely to consist of either the use of standard data protection clauses adopted or approved by the European Commission or transfer to a US-based recipient which is a member of the EU-US Privacy Shield self-certification arrangement or an equivalent regime.
They will also not pass your data on to another party without our permission, except where they are permitted or required to do so by law. We do not allow third parties to use your personal data for their own purposes. We only permit them to use your personal data for specified purposes and in accordance with our instruction.
In line with the GDPR, we have a responsibility to take all reasonable and proportionate measures to keep your data stored safely and securely.
We have put in place appropriate technological and security measures to ensure that the personal data we have is protected from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We limit access to your personal information to those employees and other third parties who have a legitimate need to know. They will only process your personal information on our instructions and they are subject to the duty of confidentiality outlined in clause 18 of our Terms of Business.
If there is a data breach, we are under an obligation under the GDPR to report the breach within 72 hours to the relevant authority. You also have the right to be informed promptly of a serious breach if it happens.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, regulatory or reporting requirements. This includes the obligation we have to the Solicitors Regulation Authority to retain certain documents for specific periods of time as outlined in Section 29 of the Accounting Rules for Solicitors as amended from time to time.
8.1 It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
a) request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no lawful or legitimate reason for us continuing to process it;
b) request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
c) request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
d) request the transfer of your personal information to another party.
e) request the restriction of data processing. This enables you to request that we suspend the processing of your personal data, for example if you are awaiting the lawful reason for the processing or require more information about our lawful basis for the processing. If you decide to exercise any of these rights, it may prevent or impact on us fulfilling our obligation to provide services to you.
You may read more about your rights as a data subject under the GDPR at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Hasan Hadi, Director of Southgate Solicitors Limited, Third Floor, Crown House, 47 Chase Side, London, N14 5BP in writing.
You have the right to complain to the Information Commissioner’s Office if you think there is a problem with the way we handle your data.
If you have any questions about this Privacy Policy, please contact Hasan Hadi, Director of Southgate Solicitors Limited, Third Floor, Crown House, 47 Chase Side, London, N14 5BP.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or the exercise of any of the rights listed above, please contact us. You can do this by writing to us at [email protected]
Send your details to us and we will call you back to take further information about your matter, or you can click the number below.