PRIVACY NOTICE

  1. Who are we?
  2. What is the purpose of this notice?
  3. Data Protection Act 1998 terminology
  4. What we need
  5. Why we need it
  6. What we do with it
  7. Where we keep it
  8. How long we keep it
  9. What we would also like to do with it
  10. What are your rights?
  11. Subject access requests/right of access
  12. Complaints
  13. Review of privacy notice

1. Who are we?

For the purposes of DPA and GDPR the data controller is C Nicholls of C Nicholls Solicitors of 71 Fore Street, Bodmin, Cornwall PL31 2JB. To request more information about our privacy policy or data protection please contact Chris Nicholls at cnicholls@cnicholls.co.uk or write to us.

2. What is the purpose of this notice?

To describe how we collect and use personal data about you in accordance with the General Data Protection Regulation (“GDPR”), in conjunction with the Data Protection Act 1998 (“DPA”). The new Regulation supports your right to have your privacy respected and your data protected. It is designed to give you confidence that the personal information we hold about you is accurate, up to date and well managed and to give you easier access to that information if you wish to check or change it.

3. Data Protection Act 1998

It is a legal requirement that solicitors' practices are compliant with the Data Protection Act 1998. This Act gives individuals, to whom relevant personal data relates, rights of access.

The Act implements the European Directive on this issue.

When it comes into force on 25th May 2018 the EU General Data Protection Regulation will supersede the Data Protection Act 1998 and will apply to solicitors and will be binding and affect anyone who holds personal data on someone alive and identifiable.

By way of explanation of Data Protection Act 1998 terminology:

Data

This means information that:

Data Controller

This is a person who determines the purposes for which and the manner in which any personal data is processed.

Personal Data

This means data relating to a living individual who can be identified:

Processing

This means obtaining, recording or holding information or data.

Rights

Personal data should be processed fairly and lawfully. Section 7 entitles an individual to be informed of certain matters by any Data

This is the right of “subject access”

An individual may also, in certain circumstances, give notice to a Data Controller restricting the ways in which data can be used, for example, if the processing is causing substantial damage or substantial distress and this is unwarranted.

With the information set out above you should be better able to understand the C Nicholls Solicitors Privacy Notice.

4. What we need

C Nicholls Solicitors will be what is known as the “controller” of the personal data you provide to us. We collect and process basic personal data about you and sensitive or special categories of personal information about you (known as Special Category Data). Personal data categories include name, address, email, telephone number, financial information (payment information such as a debit/credit card). Special categories include health data, racial or ethnic origin and biometric data, in particular passports to identify and verify individuals as required by law.

5. Why we need it

We need to know your basic personal data in order to provide goods and services to you, perform any contractual obligations we have with you, provide you with marketing, tell you about our products and services and deal with questions you may ask using our website. We will not collect any personal data from you we do not need and will oversee this service to you. We collect data via our website, through engaging our services and/or service providers, networking and various communications.

6. What we do with it

We only ever use your personal data with your consent, or where it is necessary:

In any event, we will use your information only for the purpose(s) it was collected for (or for closely related purposes).

We may process personal information for certain legitimate business purposes, which include some or all of the following:

Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.

When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact upon you (both positive and negative), and your rights under data protection laws. We may rely upon this legal basis if we use your information to understand and improve our services, to help find out what information and services are most likely to interest you, to send or show you information, offers and on-line advertisements for these services. Our legitimate business interests do not automatically override your interests: we will not use your personal data for activities where our interests are overridden by the impact upon you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish, and if you wish to do so please click here/tell us. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.

7. Where we keep it

We are based in the United Kingdom and we store our data within the European Union (“EU”). Some organisations which provide services to us may transfer personal data outside of the EU, but we will allow them to do so only if your data is adequately protected.

For example, some of our systems use Microsoft products. As a US company, it may be that using their products results in personal data being transferred to or accessible from the US. However, we will allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA's Privacy Shield Scheme).

8. How long we keep it

We will use and store information only for so long as it is required for the purposes it was collected. How long information will be stored depends upon the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we will keep a record of your preference not to be emailed).

We continually review what information we hold and delete what is no longer required. We never store payment card information. We will not retain your data for any longer than necessary (our data retention policy is dictated by the DPA/GDPR). We hold your data for periods ranging from 3 to 13 years, subject to the requirements of the Solicitors Regulation Authority. Guidance is available on request.

9. What we would also like to do with it

We would, however, like to use your name and email address to inform you of our future offers and similar services. This information is not shared with third parties and you can unsubscribe at any time via phone, email or on our website. Please indicate below if this is something you would like to sign up to.

Please sign me up to receive details about future offers from C Nicholls Solicitors, e.g. Wills.

10. What are your rights?

We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

Please keep in mind that there are exceptions to the rights above and, although we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

11. Subject access requests/right of access

We aim to be transparent in giving people access to their personal information. You can find out if we hold any personal information by making a “subject access request” under the DPA and exercising your “right of access” under the GDPR. If we do hold information about you we will respond in writing within one calendar month of receiving your request. The information we supply will

To make a request for any personal information please write to us at the address provided in this notice. Please note that to access your data you may need to provide evidence of identity.

If you agree, we will try to deal with your request informally, for example, by giving you the specific information needed over the phone.

If we do not hold information about you we will confirm this in writing at the earliest opportunity.

12. Complaints

You have the right to complain about the processing of your personal information. Please contact us using the details provided above. If you are still dissatisfied you have the right to complain to the Information Commissioners Office: www.ico.org.uk

13. Review of privacy notice

If we change any part of our privacy notice, following regular review, we will post the current version on our website

Version date 08.06.18