In fulfilment of the statutory obligations of personal data and privacy protection, stipulated by the Data Protection Act (DPA) and the General Data Protection Regulation (GDPR) 2018, both of which came in force on the 25th May 2018, our law firm privacy policy gives details about the personal information we hold.
Processing Personal Data
By the extant law, we are allowed to collect, process and hold your personal data. We obtain personal data for the record as demanded by the laws, particularly from our individual clients, employees and general members of the public that we have business course to relate with. The details you are entitled to know are set out below.
Clients:
As our clients, the main purpose of collecting, processing and retaining your information is based on your mandate to our law firm or any of our individual solicitors, acting in his/her capacity as a member of our law firm, to provide you with legal services under the agreement we have with you. This enables us to process your data for the purposes of legal service delivery.
Employees:
As colleagues in the employment of our law firm, we abide by the employment laws, regulations and policies to demand, collect, process and store your personal details to ensure that we meet with the statutory mandates of the UK government, HMRC and the other statutory bodies. We also demand, collect, process and retain personal details of our solicitors for the record of the professional bodies and associated institutions.
HOW WE COLLECT YOUR PERSONAL DATA:
We collect your personal data directly from you or from your former solicitor(s) or opposing solicitor(s) during the conduct of your case or from Barrister(s), or any other person in legal representative capacity or local council. We receive your personal data through email; fax; an online web form; by post; over the telephone; face to face or through other channel that is easily accessible.
YOUR PERSONAL DATA WE COLLECT:
We collect your (full) record names; contact address; telephone numbers; email address; your age; ethnicity; gender; financial details; a copy of your educational and professional certificates; documents; international passport; (provisional/full) driving licence; utility bills; and proof of address, etc. including information about your legal problem.
HOW WE USE YOUR PERSONAL DATA:
Your personal data are used based on your instructions and requests for providing you with legal services in form of advice, counselling, court representation and for other connected reasons, which may involve associated services.
Where it becomes necessary or required, we share your personal data with trusted third parties like barristers; process servers; court bailiffs; accountants; auditors; translators; cloud service provider(s); and other professionals or services providers, in the course of rendering legal services based on your instructions to us.
Our law firm maintains a transfer policy on the personal information of our clients that we share with third party to ensure security and safety of their details. We agree in our transfer policy contract with the third party that:
- Restricted information of our clients shall be provided based on the need(s) arising to perform their specific part of the legal services that we are retained to provide;
- They ensure they restrict the use of our client’s personal data for the exact reasons and purposes we have engaged them or they are hired to perform in the interest of our clients;
- We must be promptly informed in case of misuse of our client’s information in time of incidental or accidental breach within 48 hours and before the clock of the prescribed 72 hours;
- Your personal data shared with and held by third party shall not be further shared unless we are first consulted in writing and demand for the freely given consent of our client, provided the recipient is not a government agency, or are to be used for any purpose that are legally allowed within the scope of the extant laws;
- Your personal data shared with and held in the custody of a third party shall be held in trust and stored under a secured condition from probable leak, discovery or misuse by anybody, including their members of staff;
- Your personal data held in the storage of a third party must be promptly and securely deleted or converted or held anonymously in their storage, in the event we end or quit using their services.
PROTECTING YOUR DATA:
We regard your personal data as an object of professional trust. We treat it with every sense of confidentiality and take appropriate steps to make it safe with us. Our law firm security policies and procedures are constantly evaluated to meet up with acceptable quality standards and compliance processes that are encouraged by the ICO, in accordance with the law.
Our IT systems are regularly maintained under our cybersecurity approach to resist cyber-attack, cyber theft, web cloning, as part of the technical measures to ensure safety of your personal data. Database that hosts your personal information is password-protected and encrypted. We restrict access to your personal details under the organisational policy to staff working on your file in other to minimise organisational risk of breach.
We carry out regular check on our law firm IT systems to assess security formidability against attack and other risks. We also conduct penetration testing to determine how best to further reinforce the security measures.
RETAINING YOUR PERSONAL DATA:
As prescribed under the law, our law firm does not keep your personal details held in our custody in excess of the statutory period of 6 years by which time we must have completed our legal services on your instruction and closed your file.
We refrain from holding clients’ personal details, in the case of ordinary consultation. In the case of client who we could not complete his/her legal service for any reason beyond our control, their personal data are erased from our law firm storage after 24 months).
If for some legitimate reasons, our law firm may hold and retain our clients’ personal details for a period longer than the statutorily prescribed term, subject to your consent, should your case is captured within this class.
WHERE WE PROCESS YOUR PERSONAL DATA:
We refrain, under any circumstance that we can control, to share your personal data for storage, retention or processing with any third party outside the European Economic Area (EEA), including all EU Member states, Iceland, Liechtenstein and Norway.
Our law firm holds and processes your personal data within the European Economic Area (EEA) but if we must pass on your personal data to any third party out of the stated region, it shall be by your specific consent to do so, first had and obtained from you.
KNOW YOUR RIGHTS:
As dictated under the EU-GDPR 2018 and UK - DPA 2018, as a client or employee; you are entitled to be clearly informed of your statutory rights about the handling of your personal data in our law firm. You are entitled under the law to request to know:
- RIGHT TO KNOW:
Right to request access to the data we process about you; - RIGHT TO CORRECTION:
Right to request that we correct inaccurate or incomplete data about you; - RIGHT TO ERASURE:
Right to request deletion of data about you; - RIGHT TO RESTRICTION:
Right to request restrictions, temporarily or permanently, on the processing of some or all personal data about you; - RIGHT TO PORTABILITY:
Right to request portability or transfer of data to you or a third party where we process the data based on your consent or a contact with you, and where our processing is automated; - RIGHT TO DECLINE:
Right to opt-out or object to our law office use of your personal data, where our use is based on your consent or our legitimate interests; - RIGHT TO ACCESS THRID PARTY:
Right to inquire about how a third party we do business with use your personal data. - RIGHT TO OBJECT:
Right to raise concern on how we use your personal data; and - RIGHT TO SET LIMIT:
Right to limit how your personal data are being used or processed.
BE INFORMED:
You do not have to pay a fee as a service charge before any of these rights are granted or obliged in your favour.
As contained in our policy drive to respond to your request within 30 days, you cannot force us to meet your request within a specified number of days as against what is provided under the GDPR and DPA 2018 that stipulates a maximum of one month;
In the case of request that is complex and meeting it requires that you cannot force us to meet your request within one calendar month if we must handle it meticulously.
You cannot also stop us from giving your personal data to a statutory body when demanded in accordance with the extant law.
Where we are legally constrained or officially restricted under the purview of the law, we may not be able to address the specific request you make in regard to your rights.
There are many ways you can contact us in exercise of your rights, including by phone, email, live chat and post, as provided below:
Abubakar Orisankoko, Esq.
Unit 7 River Road Business Park,
33 River Road, Barking, IG11 0EA
Tel: 020 3603 2733
Mob: 07815 852 284/07508 335 840
Fax: 0203 417 3434
www.qtsolicitors.co.uk
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.