Client Privacy Notice
How we use your data
In order that you are reliably informed about how we operate as a Law Firm, we have developed this privacy notice (also known as a Fair Processing Notice or FPN), which describes the ways in which we collect, manage, process, store and share information about you as a result of you instructing us. The privacy notice also provides you with information about how you can have control over the use of your data.
We take your privacy seriously and we will only use your personal information to provide the services you have requested from us. By means of this privacy notice, you also have the right to be duly informed of all the required information you need to know about us, what happens to your data and how it is managed as well as your general rights under the UK General Data Protection Regulation (UK GDPR). The UK GDPR replaced the General Data Protection Regulation (EU) 2016/679 when the UK left the European Union. The UK GDPR includes the same provisions as the previously applied GDPR.
The information that we need for these purposes is known as your “personal data”. This may include your name, home address, email address, telephone, other contact numbers and financial information as well as special category data which includes medical records, health and welfare information, insurance information and work statistics. We collect this in a number of different ways. For example, you may provide this data to us directly online or over the telephone, or when corresponding with us by letter.
Where appropriate we voice record our client interactions, therefore any information captured via this medium will automatically be stored, for training and monitoring purposes, for up to 12 months.
We will use the information that you give us to provide you with legal services, as per your instructions. We will keep your information confidential and will only use it for the purpose(s) for which it was provided or as is permitted in law (i.e. for dealing with complaints or regulatory investigations).
Legal basis for processing data
The legislation requires that we have a legal basis for processing your data. As you are our client the legal bases are:
(a) Consent: you have given clear consent for us to process your personal data for a specific purpose i.e. in this case to deal with a legal matter/judicial act on your behalf. You can withdraw such consent at any time by notifying us via email or letter and you can also request that we cease processing your details any longer. This also includes special category data for the progress of your legal matter with us, under condition (f) entitled “Legal claims or judicial acts” of Article 9 UK GDPR.
(b) Contract: the processing is necessary for the contract you have with us – in this case to deal with a legal matter on your behalf.
(c) Legitimate interest: the processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests for example, to monitor our IT systems and protect them, to prevent fraud, to keep our records/website updated and to ensure we provide our services on our most recently updated terms, to study how clients use our services, to develop them, to grow our business and to inform and deliver our marketing strategy.
(d) Legal obligation: Where we need to comply with a legal or regulatory obligation (for example, the rules which require us to verify the identity of someone before they can become a client, the obligation to carry out internal and external auditing as well as accreditation processes).
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
Where will we store and send your information?
We have put in place appropriate technical and organisational measures to safeguard your personal data including using systems with end-to-end encryption and securing the industry accreditation known as Cyber Security Essentials. The record of your data will be stored in an electronic database system accessed only by authorised individuals. Your information may also be stored on a paper file held securely within our offices. All servers that store your information do so securely and are held within our UK offices.
Who might we share your information with?
We will share your information as required only:
- With our third party agents/suppliers or subcontractors for operational reasons such as confirming your identity and providing secure online services.
- To our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- To search agents, agencies to verify your identity, third party solicitors, barristers and others representing the other party as well as others who we need to instruct to assist us with your matter.
- To any authorities if compelled to do so by law (e.g. the Solicitors Regulation Authority (SRA), the Law Society, Legal Ombudsman Office (LeO), the National Crime Agency (NCA), HM Revenue & Customs (for tax compliance obligations), Information Commissioner’s Office (ICO) on request for specific information and/or to help us investigate any complaints, fraud, data protection matters etc.
- For the purpose of compliance and regulatory reporting and to confirm your identity for anti-money laundering purposes, which may include checking the electoral register.
We will never disclose information about you to third parties, except to fulfil the specific service for which you have engaged us. In these instances, we contractually require that they only use the information to fulfil your requirements and do not use it for their own marketing purposes, unless you explicitly consent. In any case, we will always ensure that your information remains confidential and safe.
You have rights under the UK GDPR and these include:
- the right to access;
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a free copy of your personal data. Such a request does not have to be in writing however ideally, we ask you to put it in writing to the Compliance Department at Proddow Mackay LLP, PM House, 250 Shepcote Lane, Sheffield S9 1TP so we do our best to fully meet your request. Further information can be obtained from the ICO.
- the right to rectification;
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
- the right to erasure;
In some circumstances you have the right to the erasure of your personal data without undue delay. Such circumstances include: the personal data is no longer necessary in relation to the purposes for which it was originally collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. There are certain exceptions to this right which can be accessed on the ICO website.
(d) the right to restrict processing;
In some circumstances you have the right to restrict the processing of your personal data. Such circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. For further details relating to recommencement of processing please refer to the ICO website.
(e) the right to object to processing;
You have the right to object to our processing of your personal data on grounds relating to your particular situation. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claim.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
(f) the right to data portability;
To the extent that the legal basis for our processing of your personal data is consent or that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
(g) the right to complain to a supervisory authority;
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection i.e. the ICO.
(h) the right to withdraw consent.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
For full details of your Data Subject Rights please visit https://ico.org.uk/your-data-matters/
How long will we hold your data?
We will only hold your information for as long as is necessary to provide you with the legal services we are providing you, and then for only so long as we are required either contractually or under our regulatory obligations. This will usually not be more than six years after the end of your case. After this time, we will confidentially destroy all information that we hold about you other than your name, address and date of birth which we will be obliged to continue to hold for the purposes of ensuring that we never act for another client where doing so would conflict with our obligations of confidentiality to you.
Complaints about the data held by us
If you have a complaint about the information that we hold about you please write to: Compliance Department at PM Group, PM House, 250, Shepcote Lane, Sheffield S9 1TP.
If you are dissatisfied with the response you have a legal right to lodge a complaint with the Information Commissioner’s Office (ICO) which is the organisation responsible for data protection in the U.K. You can contact them by:
The Information Commissioner
Telephone: 0303 123 1113 or 01625 545745
Contact us about your rights
For more information about how your rights apply to you or to make a request under your rights you can contact us by emailing firstname.lastname@example.org or by writing to our office.
We reserve the right to update this Privacy Notice at any time and recommend that you check regularly on our website for updates. We won’t alert you for every minor change, but if there are any important changes to this notice or how we use your information we will let you know and where appropriate ask for your consent.