Privacy Policy
1.
At BDG Solicitors we you’re your privacy very seriously. Please ensure you read this Policy vert carefully as it contains important information on when we collect personal information about you, why we collect this information, how it is used, any circumstance where your information may be disclosed to a third party, how your information is secured and it explains your rights under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”) law.
2.
This notice is intended to be read alongside the firm’s terms and conditions at the commencement of your instructions to this firm. Please refer to our terms and conditions which sets out details and provides further information on GDPR and the DPA.
3.
This notice applies to information held by this firm, to include this firms website and our social media pages but does not apply to any third party websites that you may link to from our site. For more information on data collected from our website please refer to our Cookies Policy, a copy of which can be found on our website.
Who are BDG Solicitors:
4.
BDG Solicitors is a Limited Liability Partnership authorised and regulated by the Solicitors Regulation Authority (number 492964). Our members are Ilian Granville, Davina Pratt and Catherine Taylor.
5.
Any data is collected, processed and stored by BDG Solicitors and this firm is the “Data Controller” for all of the personal information and data we hold about you.
6.
The firm’s Data Protection Officer is Catherine Taylor. You can contact Ms Taylor by email on Catherine.taylor@bdgsolicitors.co.uk or by telephone on 01424424949. Ms Taylor is based at our Eastbourne Office at 247 Seaside, Eastbourne, BN22 7NT.
Information we require from you
7.
The information we require from you will vary and depend on the matter to which you have instructed this firm. As this firm deals with various legal matters to include family, litigation, commercial and residential conveyancing, the data we collect will vary. There is certain information this firm will collect and information we may collect dependent on the reason for your instruction;
Personal Data we will collect (personal data)
(a)
Your name, date of birth, telephone number, email address, information related to your instructions, information to enable us to undertake a credit check or other financial check (if applicable), relevant financial details (e.g. source of funds on a purchase transaction).
Personal information we may collect (sensitive data)
(b)
Sensitive Personal Data may include data such as your race or ethnical origin, any trade union membership (they may be funding your litigation), political opinions, religious or philosophical beliefs, insurance details, bank account details, national insurance or tax details, employment status and income details, nationality and immigration details (this may be required for identification purposes), details of your pension arrangements (should you instruct us in respect of a pension or family matters where financial disclosure is required) and your medical records which may be required in matters to which your health is relevant etc.
8.
Although most of the time we will only require basic Personal Data, there will be occasions whereby we are required to seek Sensitive Personal Data. You will always be advised prior to us seeking any of this information. There may be occasions however where a court, for example, may order this information to be disclosed. You are referred to the individual companies who hold that data for their privacy policies and how they hold your data.
9.
The above data is required to enable us to carry out our services to you. Should you refrain from providing the required information to us, it may delay or prevent us from being able to assist you.
How your data is obtained
10.
Your information and data may be obtained from a variety of sources to include:
(a)
Yourself. You are likely to volunteer information at the commencement of any instruction to us
(b)
Information about a third party may be provided by you. For example, in family proceedings, you are likely to provide information of any spouse, children, family members etc.
(c)
Third parties who we request details from with your consent:
(i) Banks/building societies
(ii) Mortgage panels, or any other panel you may authorise to forward your details to us
(iii) Any organisation that has referred your case to us, this will usually require your consent.
(iv) Medical or financial institutions who hold personal information/records for you
(v) DWP, CMS or any other government authority who may be required to release details about you
(d)
Sign-up to receive one of our newsletters
(e)
If you submit an online enquiry on our website
(f)
Following/liking/subscribing to our social media channels
(g)
Agree to fill in a questionnaire or survey on our website
(h)
Ask us a question or submit any queries or concerns you have via email, through our online chat on the website or on social media channels
(i)
Post information to the our website or social media channels, for example when we offer the option for you to comment on, or join, discussions
(j)
When you leave a review about us on our website or Google Reviews
(k)
Via our information technology (“IT”) systems to include any case management system, accounts system, time recording, reception logs, automated monitoring of our website etc.
How and why we use your Data
11.
GDPR and DPA sets out when your Data can be used:
(a)
to comply with our legal and regulatory obligations;
(b)
for the performance of our contract with you or to take steps at your request before entering into a contract;
(c)
for our legitimate interests or those of a third party; or
(d)
where you have given consent.
12.
We set out below when your information will be used and why:
(a)
Advising you and providing you with legal services- for the performance of our contract with you or to take steps at your request before entering into a contract;
(e)
Conducting checks to identify you, screening for financial reasons, embargoes or other sanctions- to comply with our legal and regulatory obligations;
(f)
Any other processing that is required for this firm to comply with professional, legal and regulatory obligations- to comply with our legal and regulatory obligations;
(g)
To gather information required for audits, enquiries or investigation by regulatory bodies- to comply with our legal and regulatory obligations;
(h)
Ensuring confidentiality of commercially sensitive information- for our legitimate interests or those of a third party
(i)
To prevent unauthorised access or modification to our systems- for our legitimate interests or those of a third party and to comply with our legal and regulatory obligations;
(j)
Statutory returns- to comply with our legal and regulatory obligations;
(k) Updating and maintaining correct client details- for the performance of our contract with you or to take steps at your request before entering into a contract, for our legitimate interests or those of a third party and to comply with our legal and regulatory obligations
(l)
To ensure staff administration is up to date, safe working practices and training- to comply with our legal and regulatory obligations and for our legitimate interests or those of a third party. This is to ensure we are always offering the best service to you.
(m)
Credit referencing checks via external credit reference agencies- For our legitimate interests or those of a third party. We do this to ensure our clients are likely to be able to pay for our services and for credit control purposes.
(n)
Client satisfaction surveys- for our legitimate interests or those of a third party. During your matter, or at the conclusion of your matter, we may send you a client satisfaction survey. This is to enable us to improve our services and to provide a better service to you.
(o)
External audits and quality checks, for CQS, mortgage lenders, the audit of our accounts, SRA audits and ICO audits- For our legitimate interests or those of a third party. This is done to maintain our accreditations and panel memberships so we can demonstrate we operate at the highest standards.
It is also to comply with our legal and regulatory obligations.
13
The above list does not apply to “special personal data” as set out at Art.9(1). This data will only be processed with your explicit consent or should it be required and as set out at Art.9(2)(a)-(j).
Who has access to your information and how do we protect your Data?
14
Your data will routinely be shared with the following third parties during the course of your matter:
(a)
Professional advisors/experts required in your case to include; barristers, medical professionals, accountants, tax advisors, surveyors, pension actuaries or other experts;
(b)
Any other third parties required to carry out your instructions; e.g. your mortgage provider or HM Land Registry in the case of a property transaction or Companies House; or CMS, DWP or bank/building society in family matters.
(c)
Other legal professionals, to include solicitors acting for the other side.
(d)
Court or Tribunal
(e)
credit reference agencies;
(f)
our insurers and brokers;
(g)
external auditors, e.g. SRA, ICO, accreditation memberships.
(h)
our bank;
(i)
external service suppliers, representatives and agents that we use to make our business more efficient;
(j)
Ken Pullen Information Technology (“KPIT”) as required for IT support;
(k)
Reef who supply our confidential waste service
15
We will never sell your data or information to third parties nor will we share your information with third parties for marketing purposes.
16
As stated, in some circumstances, we may require you specific consent to obtain your information or data from a third party. In these situations, we will contact you to seek your authority.
Where is your personal data held?
17
Your data will be held in a paper file in one of our offices at 51 Havelock Road, Hastings or 247 Seaside, Eastbourne.
18
We use an internal server that only staff have access to where personal data is held electronically. This server is monitored by our IT Company who ensure the server is protected from any phishing, hacking or scams. In the event of theft, the server is locked and no third party is able to access the data stored.
19
In the event of third party instruction, you are advised to read their privacy policy about how your information is held.
How long do we hold your data for?
20
Your data is held after the conclusion of your matter for one of the following reasons:
(a)
To respond to any questions, complaints or claims made by you or on your behalf
(b)
To be able to show you were treated fairly
(c)
To ensure records are kept in line with the law
21
Your file will be kept for a period of time dependent on the type of matter to which you instructed this firm;
(a)
Negligence claims- 15 years from the date of the Defendant’s breach of duty (Section 14A Limitation Act 1980)
(b)
Business purchase- 12 years
(c)
Property sale- 10 years
(d)
Property purchase- 15 years
(e)
Grant of a lease- for the entirety of the lease plus six years
(f)
Children Act matters- six years (unless the instruction is on behalf of a minor in which case the file will be held for six years after the date of the child’s 18th birthday)
(g)
Power of Attorney- until needed or the client reaches 100 years of age
(h)
Divorce (to include financial matters)- six years
(i)
Pre-Nuptial/Post-Nuptial Agreements- until required
(j)
Trusts- until they expire
(k)
Wills- until needed or the client reaches 100 years of age
(l)
Deeds, guarantees or certificates- indefinitely unless client provides written permission
(m)
Any other matter- six years
22
The above list is not exhaustive. Should you require further details please contact our DPO, Catherine Taylor.
Transferring your personal data out of the EEA
23
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA):
(a)
with your and our service providers located outside the EEA;
(b)
if you are based outside the EEA;
(c)
where there is an international dimension to the matter in which we are advising you.
24
These transfers are subject to special rules under European and UK Data Protection law.
25
If you would like further information please contact our Data Protection Officer, Catherine Taylor (details set out below)
Your rights
26
GDPR and DPA entitles you to access your personal data free of charge. This is also known as a “right to access”. You are not required to serve a formal SAR (Standard Access Request) under the new Regulations. If you wish to make a request, please put your request in writing to include email, or telephone, in the first instance to the fee earner dealing with your matter, or to our Data Protection Officer, Catherine Taylor.
27 Under GDPR you have the right to;
(a)
The Right to Access; You are entitled to obtain a copy of the data we hold on you to include your personal details such as your address, name, date of birth, contact details, any medical records etc. You are not however entitled to the documents to which your data is processed, to include correspondence, documents, attendance notes etc. You are referred to this policy for information on how your data is processed. (Art.15)
(b)
The right to rectification; You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you. (Art.16)
(c)
The right to erasure “to be forgotten”; You have the right to obtain the erasure of personal data concerning you in certain situations, see Art.17
(d)
The right to restrict processing; You have the right to restrict the processing of your data. This only applies in certain situations to include the need to verify data that you consider is inaccurate, where you reject to processing but this firm’s obligations override your right to restrict processing for legal reasons or to protect public interest. (Art.18)
(e)
The right to Data portability; You have the right to receive the personal data you provided to us in in a structured, commonly used and machine-readable format (Art.20)
(f)
You have a right to object; You can object to your personal data being processed for direct marketing (absolute, we have to stop processing) or on legitimate interests. Again this right can be overridden should processing of your information be required to defend legal claims for example. (Art.21)
(g)
Not to be subject to automated individual decision-making; You have the right not to be subject to a decision based solely on automated processing, including profiling that produces legal effects concerning you (Art.22)
28
If you wish to exercise any of these rights please-
(a)
email, call or write to us our Data Protection Officer – see below: ‘How to contact us’; and
(b)
let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
(c)
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility bill); and
(d)
let us know what right you want to exercise and the information to which your request relates.
Should you wish to complain about the way we use your personal data
29
Please contact our Data Protection Officer, Catherine Taylor, should you wish to raise a complaint about the way in which we have handled your personal data.
30
Should you not be satisfied with Ms Taylor’s response, you are entitled to complain to the Information Commissioner’s Office (ICO) if you believe your personal data has not been processed in accordance with the law.
31
Whenever we collect your personal data, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to this will have no effect on accessing our legal services.
Keeping your personal data secure
32
We have appropriate security measures in place to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those