THE GENERAL DATA PROTECTION REGULATIONS (GDPR)

 

Sharif McKenzie Solicitors is committed to protecting and respecting your privacy.

This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand how we will treat it, protect it and to understand more about your rights. By providing your personal information to us you are agreeing to us using your information as described in this policy.

 

What information will we collect from you?    

In order to ensure that the data we collect from you is being processed lawfully and fairly in accordance with the GDPR We will only collect information from you that is relevant to the matter that we are instructed with. By retaining us in your matter you are authorising us to process your personal data (including sensitive data such as credit/debit card details) upon a contractual basis. In particular, whilst acting for you we may collect the following information from you which is defined as ‘personal data’: Personal details, such as family, lifestyle and social circumstances, financial details and business activities of the person whose details we are processing.   

We may also collect information that is referred to as being in a ‘special category’. This could include: Physical or mental health details, racial or ethnic origin, religious beliefs or other beliefs of a similar nature, biometric data, criminal convictions & sexual orientation. You authorise us to process this data on the basis that it is necessary for the establishment, exercise or defence, or legal claims under this contract.   

 

How will we use your information?    

We will mainly use your information for the provision of legal advice, and this is necessary for the performance of the contract between us. We may also use it for: Administering any accounts, processing your bank/credit card details in order to obtain payment, the prevention and detection of fraud, credit reference checks (where appropriate).   

From time to time we may need to disclose information to third parties such as barristers, accountants, and government agencies. It may also be necessary to permit third parties (such as auditors, our professional indemnity insurers, and Solicitors Regulation Authority) to have access to your information for administrative or regulatory purposes. From time to time we may be obliged to transfer information to countries outside the European Economic Area which do not provide the same level of data protection as the UK. By instructing us, you consent to us processing your personal information and to disclosing the same to the extent necessary for the purposes set out above. We will use reasonable endeavours to keep such information secure and to take appropriate technical and organisational measures against any unauthorised or unlawful processing/accidental loss/destruction/damage of any personal data within that information. It is impossible to guarantee that your information will be free from every possible security breach and you acknowledge and accept that risk in instructing us.   

 

Who will we share your information with?    

Marketing: from time to time, we may use your personal information for marketing purposes. Under the GDPR, we are obliged to ask if you object to us sharing your information for marketing purposes. If you do not want us to share your personal information for marketing purposes, you must let us know when you return the retainer letter by ticking the appropriate consent box.   

Under our Code of Conduct 2011 there are strict rules governing solicitors regarding who we can share your information with. This will normally be limited to other people who will assist with your matter. This may include: Barristers and other solicitors, medical experts, healthcare professionals, social and welfare organisations the courts and tribunals (not exhaustive).   We may also disclose your information to your family, associates or representatives and we may also disclose your information to debt collection agencies if you do not pay our bills. We shall not disclose any of your personal information which we obtain as a result of acting for you on your matter to any other person or party; except:   

• As is reasonable and necessary for the purpose of carrying out your instructions.   

• As required by law including in response to any requests for information under freedom of information or environmental legislation.   

• As required by any regulatory, governmental, or other authority (including the SRA) to which we are subject too.   

• As is required to enable us to enforce our rights under the client care letter (or retainer).   

 

How long will we keep your information for?    

We will keep your information throughout the period of time that we do work for you and afterwards for a period of six years as we are required to do by law. We will ensure any softcopy sensitive personal information is saved safely on our systems and hard copy files are stored in a secure facility. You may request a copy of your file at any stage (subject to our right to exercise a lien in relation to outstanding fees). We will deliver originals to you in a reasonable time frame following any requests. A copy of the file will be retained by us for insurance purposes. Any subsequent request for additional copies may incur a small fee in line with the charges detailed above.   

 

Where We Hold Your Personal Data

Your data will be stored at our offices and on our IT equipment, or where your information is shared with a third party, at their premises or on their IT equipment.

We archive our old files to a secure facility prior to destruction. Details are available on request.

 

Transferring your personal data outside of the EEA

Since we do not have offices outside England & Wales, we have no reason to transfer your personal data outside the European Economic Area unless you or a third party with whom we must share your personal data are based outside the EEA.

Where we use third party IT services (e.g. ‘cloud’ based software) we shall ensure that their data centres are either within the EEA or that there are lawful safeguards in place to protect your personal data to the same standard as if it were held within the EEA.

 

What rights do you have?  

You have a series of rights under the GDPR, including the right to access a copy of the information we hold about you and in certain circumstances, the right to have personal data deleted. If you wish to submit a Subject Access Request, or SAR, please contact the fee earner with day to day management of the file or our Data Protection Officer at admin@sharifmckenzie.com.

If you are aware that any of the data we are holding is inaccurate, it is your responsibility to inform us of any changes affecting your personal circumstances.   

 

Who can you complain to if you are unhappy about the information we are holding about you?    

If you are unhappy about how we are using your information then initially you should contact the Data Protection Officer. If your complaint remains unresolved, then you can contact the Information Commissioner’s Office, details available at www.ico.ora.uk or call Tel: 0303 123 1113.

You have the right to be forgotten (Erasure). Data Subjects have the right to request that all their data be erased (this is not an absolute right and we may continue to process your data if it remains necessary for the purpose it was originally collected. If you do not wish to receive information from us and our services, wish to receive only certain kinds of information, or wish to receive information only by a particular method please notify our Data Protection Officer at admin@sharifmckenzie.com