1. Introduction

Kings Solicitors is a Sole Practitioner Legal Practice whose offices are located at 24 Fore Street, Ivybridge, Devon PL21 9AB. We are a “Data Controller” under the General Data Protection Regulations (GDPR) 2018 and Data Protection Act 2018.

We are authorised and regulated by the Solicitors Regulation Authority (Firm No. 558824) and are bound by its Mandatory Principles. We are also members of the Law Society of England and Wales.

We are committed to protect the personal data you provide to us. This policy sets out the different areas where privacy is concerned and outlines the obligations and requirements regarding the way we gather, store, process and protect your personal information.

 

2. The Legal Basis for information collection and use

We obtain, use and process personal data for one or more of the following reasons:

(i)         In order to comply with our legal obligations – for example, to enable us to conduct risk assessments and carry out client due diligence checks; to comply with the Money Laundering Regulations 2017 which deals with the prevention, detection and investigation of financial crime; managing and monitoring risk to us and our clients; to run our business in an efficient and proper way which includes managing our financial position and business capability, planning and communications; for governance and audit.

(ii)        In the performance of any contract we enter into with you, our employees or our data processors such as our payroll provider, cashiering services, website hosting services. Specifically in relation to our clients, to enable us to properly advise you, to carry out your instructions effectively; to exercise our rights set out in agreements or contracts.

(iii)       For when it is in our legitimate interest to do so – for example, for keeping our accounts and records up-to-date, administering our website, applications and client databases; promoting, developing and improving our services and what we charge for them; managing our relationship with our clients or their business; supporting and managing our staff; responding to complaints and seeking to resolve them.

(iv)      When you consent to it – please note that consent can be withdrawn at any time.

(v)       For Vital Interests – for example, to protect someone’s life (although this is not usually appropriate for medical care planned in advance or where person is capable of giving consent) but could apply to disaster relief or on humanitarian grounds.

(vi)      For a Public Task – for example to send data to the National Archive, or for scientific, research or statistical purposes.

We will usually process your data either under Legal Basis (i), (ii) or (iii), although all three may apply at the same time.

 

3. Whose data do we hold?

We may hold information about the following people:

• Employees
• Clients
• Suppliers and Service Providers
• Professional Experts
• Enquirers and Complainants

 

4. What data will we collect?

We will only collect information from you that is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed. We may collect the following information from you which is defined as “personal data”:

• Personal details
• Family, lifestyle and social circumstances
• Financial details
• Business activities

We may also collect information that is referred to as being in a “special category”. This could include but is not limited to:

• Physical or mental health details
• Racial or ethnic origin
• Religious beliefs or other beliefs of a similar nature
• Criminal Convictions
• Sexual Orientation

 

5. How do we collect information?                                                                                                  

We collect information in two ways:

1. When you directly give it to us (“Directly Provided Data”)

When you instruct us to act for you or communicate with us you may choose to voluntarily give us certain information – for example, by filling in text boxes on our website or via email, on the telephone or by completing a form.  All this information requires a direct action by you at that time in order for us to receive it.

1. When you give us permission to obtain information from other accounts (“Indirect/User Authorised Data”)

Depending on the type of work we carry out on your behalf you may give us permission to obtain information from accounts you have with other services – for example, obtaining financial information from Mortgage Lenders or Banks, medical information from your GP or hospital, employment history/information from a previous or current employer, information held at a Court or Tribunal Service.

 

6. With whom will we share your information?

Under our Code of Conduct there are very strict rules about who we can share your information with and this will normally be limited to other people who will assist with your matter. This may include but is not limited to:

• Barristers
• Medical Experts
• Private Investigators
• Social and welfare organisations
• Courts and Tribunals
• Process Servers

We will not pass your information to any unauthorised party or to third parties for the purposes of marketing and/or cold-calling.

 

7. How long will we keep your information for?

We will not retain your personal information indefinitely, however in order to meet our regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we are required to keep both your electronic and hard-copy file, including all information contained therein, in secure storage for a minimum of six years after your matter has concluded. After that time it is confidentially destroyed.

In some cases (for example where we have prepared a Will for you) we may retain your information for a longer period and we will advise you of this at the time.

More information is set out in our Data Retention Policy which is available on request.

 

8. Transfers to third countries

We rarely need to transfer your data to third countries (e.g. USA, China etc). However, should this need arise as a necessary step in the performance of your contract with us, we will ensure that the appropriate safeguards are in place at all times.

 

9. Security arrangements

We shall ensure that all the information you provide to us is kept secure using appropriate technical and organisational measures.

Information entered onto the firm’s electronic Practice Management System is hosted by our service provider on servers based in the UK. The information is encrypted to maximise the security of your personal data.

Hard copies of completed documents you have provided are also held on your matter file.

All staff members receive training on the importance of processing client data securely and protecting that data against accidental loss, damage or destruction.

In the event of a personal data breach we have in place procedures to ensure that the effects of such a breach are minimised and we shall liaise with the Information Commissioners Office (ICO) and with you as appropriate.

More information is available on request.

 

10. What rights do you have?

Depending on which legal basis we have for processing your data, you have the following rights under the GDPR:

• Right to be informed
• Right of access
• Right of rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object
• Rights concerning automated decision-making and profiling
• Right to withdraw Consent

Right to be Informed

You have the right to know how and why we collect and use your personal data and we will give you this detailed information at the outset of our contract with you.

Right of Access

You have the right to see what information we hold about you. To access this, you need to provide a request in writing, together with proof of your identity. We shall provide this information to you upon request in clear, concise and plain English.

We will usually process your request free of charge and within 30 days, however we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex.

Full details are available in our Data Subject Access Policy which is available on request.

Right to Rectification

You can request rectification of any personal data we hold if it is inaccurate or incomplete. We shall aim to respond to these requests as quickly as we can and if we have shared any incorrect information with legitimate third parties, we shall inform them of the rectification wherever possible.

Right to Erasure (not applicable under Legal Obligation or Public Task)

You have the right to ask us to erase your personal data in certain circumstances. These include:

• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
• You withdraw your consent;
• The personal data has been unlawfully processed.

We will deal with your request free of charge and within 30 days of receiving your request in writing and proof of identity. We reserve the right to refuse to erase information that we are required to retain by law or regulation or that is required to exercise or defend legal claims.

Right to Data Portability (not applicable under Legal Obligation, Vital Interests or Public Task)

The right to data portability only applies to personal data an individual has provided to a controller, where the processing is based on the individual’s consent or for the performance of a contract and when processing is carried out by automated means.

We do not carry out automated processing at Kings Solicitors.

Right to Object and/or Restrict (not applicable under Legal Obligation, Contract, Consent or Vital Interests)

You can object to the processing of your information and/or restrict how it is processed. However, we do have legal and regulatory obligations with respect to some aspects of your personal information, such as your identification documentation, to comply with current legislation regarding Anti-Money Laundering regulations.

Rights concerning automated decision-making and profiling

The GDPR has provisions on automated individual decision-making (making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.

We do not carry out automated decision-making processes at Kings Solicitors.

Right to withdraw Consent

Where we have obtained your consent to certain processing, you have the right to withdraw your consent at any time.  If you wish to withdraw your consent, we will provide you with a Withdrawal of Consent form upon request.

 

11. Who can you complain to?

If you are unhappy about how we are using your information or how we have responded to any request you have submitted to us, you should contact us on 01752 895252.

If your complaint remains unresolved, you can contact the Information Commissioners Office (ICO), with whom we are registered under Registration Number Z6811456, at www.ico.org.uk