Kemps Solicitors is the data controller in respect of all personal data collected, which means that we are responsible for ensuring that we do so in full compliance and meeting our legal obligations as laid down by the General Data Protection Regulation (GDPR) and all other related privacy laws.
Personal data is any information relating to an identified or identifiable individual. Special category personal data is data that reveals racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and or biometric data, details of health, sex-life or sexual orientation.
This policy explains: • What personal data we collect; • How we collect, store, use or share your personal data; • Why we collect your personal data; • Your rights in relation to your personal data; and • Who and how to contact in the event of a concern or a complaint about the way your personal data has been collected, store, used or shared. • The steps we take to ensure that it is kept secure Please note our website may contain links to other websites which are provided for your convenience. We are only responsible for the privacy practices and security of our site. We recommend that you check the privacy and security policies and procedures of other websites that you visit.
What personal data do we collect?
The lists below set out the personal data we will or may collect in the course of advising and/or acting for you.
Personal data we will collect: • Your name, address, telephone numbers (including mobiles) and email address • Date of birth • Information to enable us to check and verify your identity, e.g. your passport details • Information relating to the matter in which you are seeking our advice or representation • Your financial details so far as relevant to your instructions
Personal data we may collect: • Your National Insurance and tax details • Your bank and/or building society details • Details of your spouse/partner and dependants or other family members • Your financial details, bank accounts, savings and pension details • Your employment status and details including salary and benefits, as well as records • Your nationality and immigration status and information from related documents • Your racial or ethnic origin • Your medical records
We will only collect personal data that is relevant to the service we are performing for you, or that is incidental to that service. This personal data may be required to enable us to provide our service to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
How is your personal data collected?
We collect most of this information from you. However, we may also collect information: • from publicly accessible sources, e.g. social media or Companies House; • directly from a third party such as enforcement bodies and those with responsibilities for prosecuting criminal offences; • from a third party with your consent, e.g. consultants and other professionals engaged in relation to your matter; your employer, trade union or professional body; doctors, medical and occupational health professionals; insurance companies. • via our information technology (IT) systems, e.g.: case management and document management systems; email system.
How and why we will use your personal data
We can only use your personal data if we have a lawful and proper reason for doing so. We may use personal data to: • Provide legal services • Conduct checks to identify our clients and verify their identity • Comply with professional, legal and regulatory obligations that apply to our business, e.g. rules issued by our professional regulator • Gather and provide information required by or relating to audits, enquiries or investigations by regulatory bodies • Ensure business policies are adhered to, e.g. policies covering security and internet use • Improve efficiency, train staff or assess quality control • Ensure the confidentiality of commercially sensitive information • Conduct statistical analysis to help us manage our practice, e.g. in relation to our financial performance, client base, work type or other efficiency measures • Prevent unauthorised access and modifications to systems • Update client records • Complete statutory returns • Ensure safe working practices, staff administration and assessments • Undergo external audits and quality checks, e.g. for SQM accreditation and the audit of our accounts
We will process data in those ways for the following reasons: • to comply with our legal and regulatory obligations; • for the performance of our service for you or to take steps at your request before providing our service; • where you have given consent. We will only process special category personal data described above with your explicit consent.
Who we share your personal data with
As a part of our services to you, we will have to share your data with your instructed barrister(s). We may also have to contact other organisations about you, including solicitors, courts, funders, experts such as medical consultants etc We only allow our service providers (such as our IT Contractors) to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you. We may disclose your personal data to our regulatory bodies to comply with our legal and regulatory obligations. We will not share your personal data with any other third party without your specific consent.
Where your personal data is heldInformation may be held at our offices on paper or on IT systems, by service providers, representatives and agents as described above (see ‘Who we share your personal data with’). All of our service providers are based inside the European Economic Area.
How long your personal data will be kept
We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons: • to respond to any questions, complaints or claims made by you or on your behalf; • to show that we treated you fairly; • to keep records required by law. We will not retain your data for longer than necessary. Different retention periods apply for different types of data. In general we will retain electronic material for 6 years. When it is no longer necessary to retain your personal data, we will delete or anonymise it.
Transferring your personal data out of the EEA
To deliver services to you, it may on rare occasions be sometimes necessary for us to share your personal data outside the European Economic Area (EEA), eg: • if you are based outside the EEA; • where there is an international connection to the matter in which we are advising you. These transfers are subject to special rules under European and UK data protection law. In the event that such transfer is necessary we will advise you on a case by case basis.
You have the right to access your data free of charge, have it rectified (if there are mistakes in your personal data), to be forgotten (in certain situations), to restrict our processing of your data (e.g. if it is inaccurate), to request a copy of the data we hold, to object to your data being processed for marketing purposes or the continued use of your data for our legitimate interests and not to be subject to profiling.
The GDPR provides the following rights for individuals: • The right to be informed • The right of access • The right to rectification • The right to erasure • The right to restrict processing • The right to data portability • The right to object • Rights in relation to automated decision making and profiling. For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please let us know what right you want to exercise and the information to which your request relates and then contact us in writing or by email (see the section "How to contact us" below). Please include your name, address and/or email address when you contact us as this helps us to ensure that we accept amendments only from the correct person. Please include proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); We encourage you to promptly update your personal information if it changes. If you are providing updates or corrections about another person, we may require you to provide us with proof that you are authorised to provide that information to us.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk
How to contact us
Mr Gregory M Kemp, Data Protection Officer Kemps Solicitors Hollinwood Business Centre, Albert Street, Hollinwood, Oldham, OL8 3LR
Telephone: 0161 633 0555
|Web design software by PersonalWebKit|