This policy covers how we collect, process and when we might share your personal information. We take your privacy seriously and will take all measures to keep your personal information secure.
This policy provides an explanation as to what happens to any personal data that you share with us directly, through our website or email. For Russell & Russell clients you should read this notice alongside our terms and conditions which provide further information on confidentiality and data privacy.
For the purpose of the GDPR (General Data Protection Regulation) you can contact our Risk and Compliance Officer, Neil Seddon, who can be contacted via email at firstname.lastname@example.org. He is supported in data protection matters by our Data Protection Officer, Andrew Perry.
This policy covers the following:
- Who are we?
- Sources of information
- Visitors to our offices
- What information do we ask for?
- How do we use your information?
- Marketing and sharing your information
- How long do we keep your information?
- How do we protect your personal data?
- How you can access the information we hold about you?
- What are your rights under GDPR?
- Our website and websites linked to ours.
- How to contact us about data privacy?
Who are we?
- Russell & Russell Solicitors LLP is a limited liability partnership registered in England & Wales, No. OC420972 | VAT no. GB 146 948 331
- The registered office is Churchill House, Wood Street, Bolton, BL1 1EE where a list of members is open to inspection
- Russell & Russell Solicitors LLP is authorised and regulated by the Solicitors Regulation Authority, No. 653317
- Russell & Russell is the trading name for Russell & Russell Solicitors LLP
- Our ICO Registration Number is: ZA491951.
Sources of information
- We collect most of this personal information directly from you – in person, by telephone, text or email and/or via our website and any apps. However, we may also collect information from:
- publicly accessible sources, e.g. Companies House or HM Land Registry;
- a third party directly, e.g. a business such as an estate agency or claims management company that has introduced you to Russell & Russell;
- customer due diligence providers;
- a third party with your consent, e.g. your bank or building society.
- Information provided to us when you communicate with us for any reason, usually in connection with work we are doing for you.
- Information may be passed to us by third parties in order that we can undertake legal work on your behalf. For example, referrers of work, banks, building societies and medical institutions.
Visitors to our offices
- Visitors to our offices are required to sign in and out. Basic information such as the visitor’s name and business is recorded. The sign-in sheets are kept secure and destroyed after a short period of time. These records are only accessed if we need to investigate an incident.
- CCTV – our Newport Street, Advice Centre in Bolton office has CCTV cameras installed.We consider CCTV necessary for the safety of our staff and visitors, as well as the detection and prevention of crime.
What information do we ask for?
- This notice is intended for clients and prospective clients. The information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. This personal information is required to provide legal services to you. If you do not provide personal information we ask for, it may delay or prevent us from providing legal services to you.
- Personal data: is the general information that you supply about yourself, such as your name, address, gender, date of birth & contact details and information needed to complete identity (ID) checks. It may also include other information depending on your legal matter such as financial and banking information, family details and similar.
- Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, health or criminal convictions or details of your children for example.
- In the majority of cases personal data will be restricted to basic personal information necessary to act on your behalf. However, some of the work we do may require us to ask for more sensitive personal information.
- Where individuals contact us for information, we collect basic information such as name, contact details and the nature of their enquiry. Information will normally be used only for the purposes of responding to the enquiry.
- Inbound telephone calls to certain departments are recorded and a sample of the calls are monitored for compliance and quality purposes. The recordings are stored for a short period of time and the retention periods for other enquiries vary depending on the nature but they will be kept for no longer than necessary.
- Website enquiries - you may give us information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our Website or when you report a problem with our Website. The information you give us may include your name, address, e-mail address and phone number and financial information
How do we use your information?
- We process the information you provide primarily for the provision of legal services to you and our use of that information is subject to your instructions, data protection law and our duty of confidentiality.
- The following are some examples of how we process your data:
- To carry out our contractual commitments to you, comply with the law or where processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- compliance with our legal and regulatory obligations;
- Money Laundering Regulations 2017. Before establishing a business relationship or entering into an occasional transaction with a new client any personal data received from clients in order to comply with the Regulations will only be processed for the purpose of preventing money laundering or terrorist financing unless such processing is permitted by law or the client consents to any alternative use of the data;
- updating and enhancing client records;
- analysis to help us manage our practice;
- Statutory returns;
- External audits and quality checks, e.g. for Lexcel, CQS, WIQS and accounts audits;
- To seek advice from third parties; such as legal and non-legal experts. For example, barristers, expert witnesses and other professional advisers, including sometimes advisers appointed by another party to your matter.
- To provide you with information requested from us relating to our services and to provide information on other services which we feel may be of interest to you if you have consented to receive such information.
Marketing and sharing your information
- If you’d like to receive marketing information from us in the future you will need to give us consent to send information to you about our services. To opt in please complete our marketing consent form.
- You can also opt out of receiving marketing information from us at any time by clicking on “unsubscribe” on emails you receive from us or contacting email@example.com.
- We might share your information with legal representatives on the other side of the transaction and with third party experts if required. We may also share your information with government and other organisations when necessary such as the Legal Aid Agency, HMRC, the Courts, National Probation Service or Court of Protection to name some common examples.
- We understand the importance of your privacy, so you can be assured that we’ll not share your information with any third parties for marketing purposes.
How long do we keep your information?
- Your personal information will be retained in computer and paper files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
- We will keep your personal information while we are providing legal services to you. Thereafter, we will keep your personal information for as long as is necessary to respond to any questions, complaints or claims made by you or on your behalf, show that we treated you fairly and keep records required by law.
- We will not retain your personal information for longer than necessary for the purposes set out in this notice.
- Different retention periods apply for different types of legal matters. The retention period will be noted on your file closing correspondence at the completion of your case.
- For most matters a minimum of 6 years from the conclusion or closure of your legal work; in the event that you, or we, need to re-open your case for the purpose of defending complaints or claims.
- Some information or matters may be kept for longer, for example:
- Property purchase 15 years
- Unregistered property deeds may be kept indefinitely to evidence ownership.
- Matrimonial matters including financial orders or maintenance agreements.
- Probate matters until a surviving spouse or civil partner has died in order to deal with any transferable Inheritance Tax allowance.
- Wills and related documents may be kept indefinitely.
- For the duration of a trust.
- Personal injury matters which involve lifetime awards or PI Trusts may be kept for longer periods.
How do we protect your personal data?
- We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.
- We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
- We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
- Information may be held at our offices, or on backup servers maintained by our IT Team. Alternatively, it may be held by third parties noted above.
- In rare situations these third parties may be based outside the European Economic Area (EEA). Territories outside the EEA countries generally do not have the same data protection laws as the UK and EEA. We will, however, take reasonable steps to ensure the transfer complies with data protection law and all personal information will be secure.
How you can access the information we hold about you
- You have a right of access under data protection law to the personal data that we hold about you. We seek to keep that personal data correct and up to date. You should let us know if you believe the information we hold about you needs to be corrected or updated.
- You are entitled to request a copy of your personal data, known as a Subject Access Request. A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. This means that a Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.
- If you wish to make a request, please do so in writing addressed to our Data Protection Officer on the contact details below or contact the person dealing with your matter.
What are your rights under GDPR?
- You have the following rights, which you can exercise free of charge:
- Access - The right to be provided with a copy of your personal information (the right of access)
- Rectification - The right to require us to correct any mistakes in your personal information
- To be forgotten - The right to require us to delete your personal information—in certain situations
- Restriction of processing - The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data
- Data portability - The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
- To object - The right to object: at any time to your personal information being processed for direct marketing (including profiling); in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
- If you would like to exercise any of those rights, please send an e-mail to firstname.lastname@example.org. Please note that before discussing any request we may require you to provide information in order to verify your identity.
- How to complain - We always aim to resolve any query or concern you may raise about our use of your information. Please send details of any concerns to email@example.com
- The DPA also gives you right to lodge a complaint with the data protection regulator, the ICO. For more information, please visit the ICO website.
Our website and websites linked to ours
- You might find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies.
Contact us about data privacy
- We welcome any queries, comments or requests you may have regarding this policy please do not hesitate to contact us at firstname.lastname@example.org.
- If you would prefer to write to us then please write to the Data Protection Officer, Russell & Russell Solicitors LLP, Churchill House, Wood Street, Bolton, BL1 1EE.
- We keep our privacy notice under regular review so please check for updates from time to time. This privacy notice was last updated on 11th September 2019.