PRIVACY NOTICE

Your Data and Privacy are very important to us.

In accordance with the EU General Data Protection Policy (GDPR), this policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It is important that you read this carefully, so you can understand this firm’s practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 1998 (the “Act”), the data controller is RJR Legal Ltd of 2 Lodge Court Heaton Mersey Stockport SK4 3HZ (Company Number: 9994070).

We are authorised and regulated by the Solicitors Regulation Authority. Our SRA authorisation number is 628548 and we are registered with the Information Commissioner’s Office, Registration No. ZA181546

Rebecca Sharp is the Data Manager for the Company and should you have any enquiries in relation to your personal data please contact Rebecca on Rebecca.sharp@rjrlegal.co.uk

Information we may collect from you

We may collect data from you from a number of different sources which will include the information that you provide to us.  Data may be provided to us on a number of occasions including but not limited to:

• When you instruct us to act on your behalf in the provision of legal advice and services.
• When we visit your home or place of work.
• When you visit our website.
• When you engage with us on social media.
• When you contact us by any means with queries, complaints etc.
• When you ask us to email you information about our services.
• When you book any kind of appointment with us.
• When you comment on or review our services.

We may also gather information in the following ways:

• When you’ve given a third-party permission to share with us the information they hold about you for example a bank or investment advisor
• We collect data from publicly available sources (such as Land Registry or Probate Registry) when you have given your consent to share information or where the information is made public as a matter of law.

What type of data will we collect?

If you are a client, we are required to collect evidence of your identity which may include documents demonstrating who you are (for example your passport or driving licence).  We will keep copies of these documents together with details of your name, gender, date of birth, address, email and telephone numbers.

We will retain records of any communication between you and any member of our team including emails, records of conversations, comments which you may make and any webpages that you visit.

If you contact us for an initial enquiry which does not immediately result in an instruction we may have collected your personal contact details this will include any direct contact that you make with us for example on the telephone or by email or indirect contact through our website, any third party website or social media.

How do we use your data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract, we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.

The following are some examples, although not exhaustive, of what we may use your information for:

• Verifying your identity
• Verifying source of funds
• Communicating with you
• Keeping financial records of your transactions and the transactions we make on your behalf
• Seeking advice from third parties; such as legal and non-legal experts
• Responding to any complaint or allegation of negligence against us
• To provide you with any other information that you request from us
• To comply with our legal and professional responsibilities

Where we have other legitimate reasons, such as for internal compliance and security purposes.

How we protect your personal data

Keeping your data safe is extremely important to us and is integral to the relationship between a solicitor and client.  We have put in place strict policies and procedures to protect your data both internally and externally.   This includes making sure that we have appropriate technology in place to protect your data from being misused.

How long will we keep your personal data?

Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected, or as required by law or as long as is set out in any relevant contract you may have with us.

For the much of the work that we undertake on your behalf this may be until after your death especially if we have prepared a Will for you or are storing your personal documents. Otherwise, your data will only be retained for as long as required by the transaction in question.

Who do we share your personal data with?

In order to fulfil our obligations to you as a client and in order to run our business it is necessary sometimes to share your personal data with trusted third parties. In these circumstances we provide only the information they need to perform their specific services and they may only use that data for the specified reasons.

If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

Examples of these third parties include:

• HM Land Registry to register a property
• HM Revenue & Customs; e.g. for inheritance tax
• Court or Tribunal
• Companies House
• Asking an independent Barrister or Counsel for advice or to represent you
• Non legal experts to obtain advice or assistance
• Contracted Suppliers
• External auditors or our Regulator; e.g. Lexcel, SRA, ICO etc.
• Bank or Building Society; or other financial institutions
• Insurance Companies
• Providers of identity verification
• Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
• If there is an emergency and we think you or others are at risk

On occasion, we may need your specific consent to share your personal data and, if this is the case, we will contact you separately to ask for your consent.  You are free to withhold or give and later withdraw your consent at any time.

What are your rights over your personal data?

You have the right to:

1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc but it does not necessarily mean that you are entitled to the documents that contain this data. If you wish to make a request, please do so in writing to our Data Protection Officer Rebecca Sharp or contact the person dealing with your matter. In the vast majority of situations, you will not be charged for making an access request.
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
3. Request erasure of your personal data – (“Right to be forgotten”). This enables you to ask us to delete or remove personal data if there is no longer a good reason for us continuing to process it.   We will also delete or remove your personal data where you have successfully exercised your right to object to processing which is where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
4. Object to processing of your personal data where we are relying on our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you make a request in connection with your data, we will ask you to verify your identity before we release any information to you.  This ensures that we do not release your data to anyone who is not entitled to it.

Marketing

We may contact you for the purpose of marketing and this is carried out on a legitimate interest basis. This means that we may use your personal data that we have collected in accordance with this privacy policy to contact you about our products, services, events etc. which we feel may interest you. The marketing communications may be provided to you by social media channels, email or post. We will never send marketing communications via SMS or call you without your specific consent nor do we ever pass on or sell your details to a third party.

Whenever we collect your personal data, you will be provided the opportunity to ‘opt out’ to receiving marketing communications from us. We hope you will find our communications useful but if you choose to opt out we must always comply with your request. Opting out does not prevent you from subsequently opting back in.

If you do not wish us to continue to contact you in this way, you can either follow the unsubscribe instructions on any of our email communications to you.

Complaints about the use of personal data

If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer Rebecca Sharp. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns.