Data Protection (GDPR)
Our firm is required to comply in a number of ways with the statutory regulation on data protection.
Personal data is defined by the General Data Protection Regulation (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Our policy is to treat everything we know about you as confidential.
Unless it is necessary for the performance of our obligations to you, we never discuss your matter with anyone inside or outside the firm without your permission.
Your privacy will be respected at all times. We will never disclose any information which may be confidential to you or your matter. Under no circumstances will any of your personal information be disclosed to another party without your express consent
What Are Your Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. Our Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
- The right to access the personal data we hold about you.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly and we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Further information about your rights and how we process your data can also be obtained by requesting a copy of our privacy notice. Information on your rights and the GDPR in general can also be obtained from the Information Commissioner’s Office or from your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. However, we would welcome the opportunity to resolve your concerns ourselves first, so please contact data protection officer, who will do his very best to resolve the matter with you.
Purposes of Processing
Your data will be processed in order to:
- Provide services under contract to you and others
- Comply with regulatory and other legal obligations
- Administrate justice
- Protect Chris Alexander Solicitors against potential claims
Your data will be processed on the basis that Chris Alexander Solicitors has a legitimate interest in being able to achieve the aims of processing set out above. Where special category data is provided, the provider of the data warrants that they consent to Chris Alexander Solicitors processing that data or that they have obtained written consent from the data subject.
Personal Data Held
As a minimum, Chris Alexander Solicitors is required to positively identify its clients. This also includes positively identifying a director in the case of a corporate client. In addition, Chris Alexander Solicitors holds whatever information is provided to it by its clients and others. This will rarely special category data.
Failure to Provide Data
If you fail to provide Chris Alexander Solicitors with the data required, you will not be able to receive any services.
Chris Alexander Solicitors obtains most personal data from its clients and those who have indicated that they have an interest in Chris Alexander Solicitors’ services. The firm also obtains some personal data from other correspondents and collects some data from publicly available sources (e.g. Companies House).
Any data provided by a client is treated as confidential to that client and will only be shared with others in so far as this is necessary to provide the services contracted for by the client, to comply with regulatory and other legal obligations and to protect Chris Alexander Solicitors against a potential claim. In order to provide its services, Chris Alexander Solicitors relies on the services of certain data processors. These include secure cloud storage for files and emails. In each case, the firm ensures that data is processed in compliance with this policy.
Third Countries and Safeguards
Other than where required in order to provide services as required in individual client matters, data is rarely sent to third countries. Where it is, the relevant devices are password protected and equipped with tracking and remote wipe software. The devices are personally accompanied.
Data is held for six years from the end of the relevant or for six years where not associated with a particular matter.