This policy explains why and when we collect information about you, what we need it for and how we will use it, who we might share it with and how we will keep it secure.
This notice is intended only for clients or prospective clients. You should read this notice alongside your Client Care Letter and our Terms of Business.
Who we are
We are Ratcliffes Solicitors and we are what is called the ‘data controller’ of the personal information that you provide us with.
Ratcliffes Solicitors is regulated by the Solicitors’ Regulation Authority under number 301782.
We are registered with the Information Commissioner’s Office under regulation reference Z9656979.
The person who you should contact about anything to do with this policy is Richard Ratcliffe and he can be contacted by email at firstname.lastname@example.org.
What Information will we collect from you
The information that we collect from you will vary depending on what you have asked us to do for you or what we are contracted to do for you.
There are two main types of information that you may provide us with:
- Personal Data. This is the general information that you may give us about yourself such as your name, address, gender, date of birth and contact details.
- Special Category Data. This will include more sensitive information and therefore needs more protection. This would include, but not be limited to, details relating to ethnic or racial origin, religion, politics, trade union membership, genetics, biometrics (where used for ID purposes), health, or sexual orientation.
Details of criminal offences or convictions do not fall into either of these categories but the similar extra safeguards that would be applied to Special Category Data would normally apply.
Most cases will only require us to collect Personal Data but in some cases we may need you to provide us with Special Category Data.
Why we collect your information
The lawful bases on which we process your personal data will fall into one or more of the following:
- A contract. You ask us to act on your behalf and we carry out to work on the basis of your instructions to us. We would be unable to do this unless we collected and processed your data.
- Legitimate interests. For instance, it will be necessary to process your data for our monthly invoicing and, where necessary, debt recovery. This type of processing would be in the legitimate interests of the business.
- Compliance with a legal obligation. For instance checking your identity for anti-money laundering requirements, having our accounts audited, dealing with terrorism or fraud.
If we need to process sensitive data additional requirements are made under GDPR. These are listed in Article 9(2) of the GDPR. The basis on which we are most likely to need to process your sensitive data on would be that the processing would be necessary for the establishment, exercise or defence of legal claims.
How we collect your information
Most of the information that we need we will get directly from you, however some information we may have to get from a third party. Examples are
- You may give us the information yourself either directly, for instance over the telephone or by email, or through our website contact form;
- You may also provide us with information about someone else, having been given their authorisation to do so by them;
- We may be given the information by third parties so that we can do the legal work that you have asked us to do for you. Examples of where this information may come from are:
- Banks, Building Societies and other financial institutions
- Estate Agents who are acting for you in a conveyancing matter
- Medical institutions
What we need the information for
We use the information you provide primarily to do the legal work that you have asked us to do for you and for related purposes. These may include:
- Completing forms on your behalf
- Consulting with Counsel and obtaining his/her advice on your case
- Seeking advice from third parties, such as experts
- Updating and enhancing client records
- Carrying out identity checks
- Carrying out credit checks, where you have authorised us to do so
- Analysis to help us manage our practice
- Statutory returns
- legal and regulatory compliance, including fraud prevention
- Collecting our fees
- Investigating complaints
We will not use your data for marketing purposes and we will not give, sell or rent your data to anyone else to use for this purpose.
Who has access to your data
The information we hold about you is used primarily so that we can carry out the legal work that you have asked us to do. In order to complete this work for you we may need to share your information with third parties which may include:
- HM Land Registry, normally in conveyancing matters
- HM Revenue and Customs, for instance for probate matters
- HM Courts and Tribunals
- Solicitors acting for the other side
- Counsel to obtain advice or to enable them represent you
- Non-legal experts to obtain advice or assistance, for instance pensions or medical experts
- Translation Services
- Banks, Building Societies or other financial institutions
- Mortgage Providers
- Insurance Companies
Your information is also used to make sure that we are running our practice efficiently, to ensure that we comply with legal and compliance requirements and the requirements of our regulators, the Solicitors Regulation Authority, and to fulfil our commitments to the Conveyancing Quality Scheme. To do this we may need to share your data with other third parties including
- Providers of identity verification
- Providers of credit checks
- External Accountants and Auditors, who do our annual accounts and auditing
- Our IT Consultants, who help us with our internal IT issues and ensure that our software and virus and malware prevention systems are kept up to date
- Our Website Consultants, who will pass your initial online enquiry forms to us and monitor the frequency of visits to our website
- Our Cloud providers, who help us to store your information
- Payment service providers who process your payment information
- Any third party that we are required to contact in the course of prevention of financial crime and terrorism
- The Information Commissioner’s Office
- The Solicitors’ Regulation Authority
- The Law Society
Where we need to share your information with a third party we will ensure that they comply with our standards of data protection and that your information is not used by them for any other reason unless you have agreed expressly that they can do so.
There may be some data that requires your separate specific consent before we are permitted to use it. If this is the case we will contact you separately.
How we keep your data safe
We take protection of your data seriously and take all reasonable measures to keep your data safe.
All staff receive training on how to ensure data is protected.
We have high standards of technology to protect against data loss, misuse, alteration or destruction. We use computer safeguards such as firewalls and malware and virus detection software. These are monitored and a full check on all workstations is carried out monthly. All data is backed up automatically onto the ‘cloud’.
We do not sell your information on to third parties, nor do we share your information for marketing purposes.
How long we keep your data for
We will only keep your data for as long as we need to. This amount of time will vary depending on what you are asking us to do for you.
Usually we will need to keep your information for 6 years after we have finished working on the matter for you.
In some cases, we may need to keep your information for longer. For instance, if we are buying or selling a house for you we will need to keep it for up to 12 years, and if we make a will for you we will keep a copy of it indefinitely.
Our use of your information is subject to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), or such other legislation that may currently be, or come into, force, and our duty of confidentiality. These regulations provide for various rights which include the following:
You can ask for a copy of your personal data. This is known as a Subject Access Request (SAR). If you wish to make a request please do so in writing to Richard Ratcliffe, Ratcliffes Solicitors, 22 Park Road, Sittingbourne, Kent ME10 1DR or contact the person who is dealing with your matter. If you ask for a copy of your data you will be given a copy of the data that we hold for you e.g. name, address, contact details, date of birth, information regarding your health etc. You will not normally be given a copy of your file because you are only entitled to your personal data and not to the documents on your file.
You have the right to erasure of your data, also known as ‘the right to be forgotten’. You can make such a request either verbally or in writing and we will respond to your request within one month of having received it. This is not an absolute right and will only apply in certain circumstances.
You have the right for the information that we keep about you to be accurate and kept up-to-date. If you think that any details that we hold about you are incorrect let us know and we will correct or erase it without delay.
A more detailed explanation of your rights can be found on the Information Commissioner’s Office website at www.ico.org.uk.
If you wish to complain about how we handled your data you should contact Richard Ratcliffe, Ratcliffes Solicitors, 22 Park Road, Sittingbourne, Kent ME10 1DR in writing. If you are not satisfied with our response you can complain to the Information Commissioner’s Office (ICO).