Your local solicitors with international experience...
General Privacy Notice last updated 20 May 2018 in light of GDPR
GENERAL PRIVACY NOTICE
We are IKON LAW LTD. We are a Limited Company registered in England and Wales with company number 08468421 whose registered address is at 82 Stechford Lane, Hodge Hill, Birmingham, B8 2AN.
In this privacy notice we will refer to ourselves as ‘the Firm’, ‘we’, ‘us’ or ‘our’. You can get hold of us by phoning us on 0121 7861321 and asking to speak to ISHRAT KHAN or emailing email@example.com or by writing to us IKON LAW LTD 82 Stechford Lane, Hodge Hill, Birmingham, B8 2AN.
We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how (as data controllers) we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you, We do not have a Data Protection Officer, but if you have any questions about this privacy notice or issues arising from it then you should contact ISHRAT KHAN, who is the Principal Solicitor and who is responsible for matters relating to data protection at our Firm, including any matters in this privacy notice. You can contact them using the details set out above.
In addition, ISHRAT KHAN, the firm’s Compliance Officer for Legal Practice (COLP) oversees compliance with our professional responsibilities and the reporting of any failures with legislative requirements, including in respect of data protection. We may issue you with other privacy notices from time to time, including when we collect personal information from you. This privacy notice is intended to supplement these and does not override them. We have a separate privacy notice in respect of our website which you can access from the links section on our website. We may update this privacy notice from time to time.
1. KEY DEFINITIONS
We have explained some terms which are used in this privacy notice below in order to help your understanding:
Data Controller: under data protection law this is the organisation or person which is responsible for deciding how personal information is collected and stored and how it is used.
Data Processor: under data protection law this is an organisation or person appointed by the Data Controller to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller.
Personal Information: in this privacy notice we refer to your personal data as personal information. Personal information means any information from which a living individual can be identified. It does not apply to information which has been anonymised.
Special Information: certain very sensitive personal information requires extra protection under data protection law. Sensitive information includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.
2. DETAILS OF PERSONAL INFORMATION WHICH WE COLLECT AND HOLD ABOUT YOU
2.1 Given the wide ranging nature of the legal services which we provide it is impossible for us to list every different type of personal information which we may collect and use or which may be provided to us by our clients or third parties. However, set out below are the general categories of personal information which we may collect and in each case examples of the types of personal information which we collect, use and hold:
CategoryTypes of Personal Data
Identity InformationThis is information relating to your identity such as your name (including any previous names), any titles which you use, gender, marital status, date of birth, job title, employer and identifiers (such as your client reference number).
KYC InformationThis is information which allows us to carry out KnowYour-Client (KYC) checks as part of our regulatory obligations and includes details of your passport, driving licence, utility bills or other statements which show your address, and the results of any anti-money laundering searches which we carry out. In the case of corporate clients, these searches may be carried out in respect of directors and shareholders.
Contact InformationThis is information relating to your contact details such as e-mail addresses, postal addresses, and telephone numbers.
Payment InformationThis is information relating to the methods by which you provide payment to us such as bank account details and details of any payments (including amounts and dates) which are made between us.
Transaction InformationThis is information relating to transactions between us and our client which includes details of the legal services, advice, communications and documentation provided to our client and which will therefore include any individuals named in the matter (including such personal information as is required for the matter in order to provide our legal services).
Survey InformationThis is information which we have collected from you or which you have provided to us in respect of surveys and feedback.
Marketing InformationThis is information relating to your marketing and communications preferences.
Usage InformationThis is information about how you interact with our marketing communications.
2.2 The types of personal information we collect may differ from person to person depending on who they are and the relationship between us and you and/or our client. Those groups of persons may include:
(a) our clients and others in relation to legal services provided to our clients;
(b) business contacts and organisations who we may work with in relation to matters and legal services provided to our clients; or
(c) subscribers to our marketing communications.
2.3 We also collect, use and share Aggregated Information such as statistical or demographic data for any purpose. Aggregated Information may be derived from your personal information but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Information to calculate the percentage of users accessing a specific feature. However, if we combine or connect Aggregated Information with your personal information so that it can directly or indirectly identify you, we treat combined information as personal information which will be used in accordance with this privacy notice.
3. DETAILS OF SPECIAL INFORMATION WHICH WE COLLECT AND HOLD ABOUT YOU
3.1 Special information is explained in section 1 above. We may collect and hold the following types of special information about you: race/ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetics; biometrics; health; sex life and sexual orientation.
3.2 Whether we collect details of special information will depend on the nature of the matter in respect of which we are instructed.
4. DATA SECURITY
4.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.
4.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
5. DETAILS OF HOW AND WHY WE USE PERSONAL INFORMATION
5.1 We are only able to use your personal information for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below, but in most cases we will use your personal information for the following legal reasons:
(a) Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you;
b) Legitimate Interests Reason: this is where it is necessary for our (or a third party’s) legitimate interests so long as those interests do not override your fundamental rights, freedoms or interests.
(c) Legal Obligation Reason: this is in order to perform a legal obligation by which we are bound; and
(d) Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specific reasons (however, see section 5.5 for details of how you may withdraw your consent).
5.2 As explained in section 3 above, there are more sensitive types of personal information which require higher levels of protection. Where we process special information we will usually do this in one of the following circumstances:
(a) where we have your explicit consent (however, see section 5.5 for details of how you may withdraw consent);
(b) where it is necessary for the purposes of carrying out your or the Data Controller’s obligations and exercising your or its specific rights in the fields of employment and social security and social protection law;
(c) where it is necessary in relation to legal claims;
(d) where it is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services (provided appropriate safeguards are in place);
(e) where it is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (provided appropriate safeguards are in place);
(f) where you have made the personal data public, or
(g) where it is necessary to protect vital interests and the relevant individual cannot give consent.
5.3 In order to provide legal services to our client we will need personal information. If you fail to provide us with the required personal information then we may be prevented from providing legal services to our client (for example, if you do not supply us with KYC Information requested then we may not be able to meet our legal and regulatory obligations and will have to stop providing services to you/client).
5.4 It is important that you keep your personal information up to date. If any of your personal information changes please contact us as soon as possible to let us know. If you do not do this then we may be prevented from supplying legal services to you/ our client for example, if you change email or postal address and do not tell us then confidential documents may be delivered to the wrong address.
5.5 In the limited circumstances where we rely on consent for a specific purpose as the legal reason for processing your personal information, then you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw 6 your consent then please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose then we will stop processing your personal information for that purpose unless we have another legal reason for processing your personal information.
5.6 We have explained below the different purposes as to why we use your personal information and in each case the legal reason(s) on which we can use your personal information. Please also note the following:
(a) if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information then we have also explained what that legitimate interest is; and
(b) for some of the purposes we may have listed more than one legal reason on which we can use your personal information because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying on to use your personal information for that purpose then please contact us using the contact details set out at the start of this privacy notice.
PurposeLegal Reason(s) for using the personal information
To register our clients with us.Contract Reason. Legal Obligation Reason. Legitimate Interests Reason (in order to provide legal services to our clients which helps us to meet our obligations and to develop our business).
To provide legal services to our clients and to fulfill the contract with our client which includes taking payment from our client, advising our client of any updates in relation to their contract (including to update them as the matter progresses) or any enforcement action against our client to recover payment.Contract Reason. Legal Obligation Reason. Legitimate Interests Reason (in order to provide legal services to our clients, to fulfil our contract with our client and in order to recover money which our clients owe us)
To manage our contract with our client and to notify our client of any changesContract Reason. Legal Obligation Reason. Legitimate Interests Reason (in order to provide legal services to our clients and to fulfill our contract with our client).
To comply with regulatory, audit and accounting matters.Legal Obligation Reason.
To investigate claim, defend and deal with legal claims brought against us.Contract Reason. Legitimate Interests Reason (in order to protect and defend our business).
To improve the legal services which we supply.Legitimate Interests Reason (in order to improve the legal services we provide for future clients and to grow our business.)
To recommend and send communications to you about our legal services that you may be interested in.Legitimate Interests Reason (in order to grow our business). Consent Reason.
The prevention of fraud, money laundering and other compliance matters.Legal Obligation Reason.
We may use your Identity, Contact, Transaction and Usage Information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant for you (we call this marketing). You will receive marketing communications from us if you have requested information from us or we have provided legal services to you and, in each case, you have not opted out of receiving that marketing.
We will get your express opt-in consent before we share your personal information with any third party for marketing purposes.
8 OPTING OUT/UNSUBSCRIBING
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out/unsubscribe links on any marketing message sent to you or by contacting us (on the details listed above) at any time. Where you opt out of or unsubscribe from receiving these marketing messages, this will not apply to personal information provided to us as a result of legal services provided to our client or other transactions.
CHANGE OF PURPOSE
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us (using the details set out at the beginning of this privacy notice). If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may use your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. DETAILS OF HOW WE COLLECT PERSONAL INFORMATION AND SPECIAL INFORMATION
6.1 We may collect Identity Information, Contact Information, Payment Information, Transaction Information, Survey Information, Marketing Information, and Special Information directly from you when you fill out a form, survey or questionnaire, instruct us to provide legal services or contact us by e-mail, telephone, in writing or otherwise. This includes the personal information which you provide to us when you subscribe to our mailing list and/or enter a competition or survey.
6.2 We may also receive some of your personal information from third parties or publicly available sources. This includes:
(a) Our clients (where you are not our individual client);
(b) Payment Information from our bank and third party payment provider;
(c) Identity Information and Contact Information from publicly available sources such as websites, Companies House, HM Land Registry and Courts; 9
(d) Identity Information and Contact Information from third parties such as accountants, solicitors, Legal Aid, tax advisors, experts, counsel (barristers), credit agencies, insolvency practitioners and other organisations who may refer you to us (including organisations with whom we have referral arrangements in place with), or who we deal with in the course of acting for our client;
(e) Service providers who provide anti-money laundering checks.
6.3 We may also receive some personal information (such as Usage Information) from automated technologies. For example, these will tell us about if you have opened a marketing communication e-mail from us and whether you have clicked on any links in it.
7. DETAILS ABOUT WHO PERSONAL INFORMATION MAY BE SHARED WITH
7.1 We may need to share your personal information with other organisations or people. These organisations include:
(a) Third parties.
These may include:
(i)Suppliers: such as IT support services, payment providers, administration providers, marketing agencies, debt collectors, anti-money laundering checking agencies, who may be based inside or outside of the EEA;
(ii) Government bodies and regulatory bodies: such as the Solicitors Regulation Authority, the Legal Ombudsmen, HMRC, Companies House, HM Land Registry and Courts and fraud prevention agencies who are based in the United Kingdom;
(iii) Our advisors: such as solicitors, counsel (barristers), accountants, auditors, insolvency practitioners, insurance companies who are based in the United Kingdom;
(iv) Our bankers who are based in the United Kingdom;
(v) Third parties who we deal with in the course of acting for our client such as, solicitors, counsel (barristers), accountants, auditors, Legal Aid, tax advisors, experts, credit agencies and insolvency practitioners;
(vi) Enquiry Agents who are based within the EEA;
(vii) Email platforms who are based outside of the EEA
(b) any organisations which propose to purchase our business and assets in which case we may disclose your personal information to the potential purchaser.
7.2 Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor we will ensure that we have in place contracts, which set out the responsibilities and obligations of us and them, including in respect of security of personal information.
7.3 We do not sell or trade any of the personal information which you have provided to us.
8. DETAILS ABOUT TRANSFERS TO COUNTRIES OUTSIDE OF THE EEA
8.1 If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information, as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including where relevant any exceptions to the general rules on transferring personal information outside of the EEA which are available to us – these are known as ‘derogations’ under the data protection legislation). We may need to transfer personal information outside of the EEA to the third parties listed above in section 7 who may be located outside of the EEA as part of legal services we provide or we may need to transfer personal information outside of the EEA where required to do so for the matter in question.
8.2 The safeguards set out in data protection laws for transferring personal information outside of the EEA include:
(a) where the transfer is to a country or territory which the EU Commission has approved as ensuring an adequate level of protection;
(b) having in place a standard set of clauses which have been approved by the EU Commission;
(c) compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO);
(d) certification with an approved certification mechanism; or
(e) where the EU Commission has approved specific arrangements in respect of certain countries, such as the US Privacy Shield in relation to organisations which have signed up to it in the USA.
8.3 We may also transfer personal information about you outside of the EEA where there are no safeguards in place but where the data protection laws allow us to. These situations include the transfer of personal information outside of the EEA where:
(a) you have explicitly consented after being informed of the risks involved in transfers where appropriate safeguards are not in place;
(b) it is necessary for the performance of a contract between you and us or for pre-contractual steps taken at your request;
(c) it is necessary for the performance of a contract made in your interests between us and another person; or
(d) it is necessary to establish, exercise or defend legal claims.
9. DETAILS ABOUT HOW LONG WE WILL HOLD YOUR PERSONAL INFORMATION
9.1 We will only hold your personal information for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see section 5 above) and whether we are under any legal or regulatory obligation to keep the personal information (such as in relation to accounting or auditing records, for tax reasons or due to obligations set by our regulator, the Solicitors Regulation Authority). We may also need to keep personal information in case of any legal claims, including any claims against us in relation the legal services provided.
9.2 You can contact us (using the details at the beginning of this notice) to request a copy of our retention policy which sets out how long different types of personal information will be kept for.
10. AUTOMATED DECISION MAKING
10.1 Automated decision making is where a decision is automatically made without any human involvement. Under data protection legislation this includes profiling. Profiling is the automated processing of personal data in order to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests and preferences).
10.2 Data protection laws place restrictions upon us if we carry out automated decision making (including profiling) which produces a legal effect or similarly significant effect on you. 10.3 We do not carry out automated decision making (including profiling) which produces a legal effect or similarly significant effect on you. If we do decide to do this then we will notify you and we will inform you of the legal reason we are able to do this.
11. YOUR RIGHTS UNDER DATA PROTECTION LAW
11.1 Under data protection laws you have certain rights in relation to your personal information, as follows:
(a) Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information which we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
(b) Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
(c) Right to erasure: (this is often called the “right to be forgotten”). This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
(d) Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
(e) Right to data portability: this right allows you to request us to transfer your personal information to someone else.
(f) Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 5 above) and there is something about your particular situation which means that you want to object to us processing your personal information.
11.2 If you want to exercise any of the above rights in relation to your personal information then please contact us using the details set out at the beginning of this notice. If you do make a request then please note:
(a) we may need certain information from you so that we can verify your identity;
(b) we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
(c) if your request is unfounded or excessive then we may refuse to deal with your request.
11.3 In addition to the rights set out in section 11.1, where we rely on consent as the legal reason for using your personal information then you have the right to withdraw your consent. Further details about this are set out in section 5.5.
If you have a complaint in relation to the way that we have handled or used your personal information then you must us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information. You can contact us using the details set out at the beginning of this privacy notice.
After we have dealt with your complaint and you are not satisfied with our handling of your complaint, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO)
If you have comments or any questions about our data protection and privacy practices please contact:
IKON LAW Solicitors & advocates
82 Stechford Lane, Hodge Hill, Birmingham, B8 2AN
PH: 0121 786 1321 FX: 0121 2466664 email: firstname.lastname@example.org
Ikon Law Solicitors & Advocates is the trading name of Ikon Law Ltd incorporated and registered in England & Wales, company registration number 08468421. This firm is regulated and authorised by the Solicitors Regulation Authority. SRA No. 598374