The intention of this policy is to help you realize why and how Woodgrange Solicitors plans to make use of the personal information that is provided by its clients and the public. Please note that whenever “we” or “us” appear in this policy, it means we are talking about Woodgrange Solicitors LLP.
Information we collect and hold about you
Woodgrange Solicitors LLP will ask for your personal information like your name, address, email contact details and telephone number whenever you contact us to provide you some legal services. We may also require that you provide us other information like your passport or other ID before we can give you legal advice. This is part of our regulations. We may also require that you provide us with personal data from publicly accessible sources, like Companies House or HM Land Registry.
As we start giving you legal advice, we may demand information about you and any other persons concerned with the issue. Depending on the nature of work you demand from us, we may require that you give us personal data about you or a third party you can tell us about. This information may be about your health, ethnic origin, religious or philosophical beliefs, and/or trade union membership.
Again, when you have become a certified client of Woodgrange Solicitors LLP, or when we start discussing about you being a client, we may add your personal data to our promotional database so as to give you information regarding our seminars and events, legal updates, and other similar services. Note that you can always opt-out from this promotion whenever you wish.
If you are not a client of Woodgrange Solicitors but just a consumer (i.e. you are not representing a business or organisation), our promotional/marketing communications to you would be by email or other electronic means but it will be done with your consent. If you would welcome our promotions, your personal information like your name and email contact details would be added to our marketing database.
The company’s preferred third party email processor; dotmailer Limited is what we use to deliver our e-communications. This is our personal data processor, and it only processes the personal information we make available to it.
If you do not wish to receive our marketing communications, you can opt out by clicking the ‘unsubscribe’ link in any of our emails, or you can contact us at email@example.com to help you out. You can also opt out by changing your contact details or updating your communication preferences.
Note that we may also decide to send you our marketing information by post if we feel that there is a legitimate reason for that. Such reasons may be to send our Review for clients to interested parties every two years.
Visitors who access our website
In hosting, maintaining and securing our website, we use a third party data processor, Moriyama Limited. In order to properly carry out its functions, our website has the IP addresses of visitors to the Woodgrange Solicitors website.
People who reach out to us via social media
Please note that if you send us a private or direct message via social media, this information can and maybe shared with Woodgrange Solicitors personnel (for example, in order to respond to a specific query or to pass on information). Aside from this, we will never share your messages with any other organisation without obtaining your consent beforehand.
Queries and complaints
Whenever you send us a query or complaint, we would use the information you made available in the query or complaint, such as your name and the name(s) of any other individuals involved, to process the query and provide you with a response. We may have to share this information with third parties such as the Solicitor’s Regulation Authority, wherever we consider it necessary.
1. The way we make use of your information
We will only ever make use of your personal data if we are thoroughly convinced that it is lawful and fair to do so because:
- you have provided us with your consent to use your information for the specific reasons that were described in this privacy notice
- it is quite needful to enter into, or perform, a contract with you
- in order that we may comply with a legal obligation
- it is in our (or a third party’s) legitimate interests as long as your rights don’t override these interests. For instance, your personal data may be used to comply for fraud and crime protection and for our network and information security measures, or for any other purpose required by law or our regulatory authority. This data may also be used in identifying usage trends and for data analytics as it will help us review and improve our products, services and offers, and to provide you with information that would benefit us mutually in this contractual relationship.
We will also have to make use of special categories of personal data that concerns you or third parties you when we obtain your explicit consent and/or where it is necessary for the establishment, exercise or defence of legal claims.
We assure you that we would never sell your personal data or share it with third parties for them to use for their personal purposes.
2. Sharing your information
We would never reveal any personal information that you make available to use with any third parties other than:
- where we may have obtained your consent to share the information
- where we are needed to instruct professional advisors on your behalf e.g. barristers, medical professionals, accountants, tax advisors or other experts
- other third parties that are needed to execute your instructions, such as your mortgage provider or HM Land Registry in the case of a property transaction or Companies House
- where information such as email addresses is passed to our third party service providers, who provide operational and technical support in order to make the delivery of our services more efficient. We would provide you a list of our third party service providers whenever it is requested. Our operational and technical support would be provided through information and technology systems like case management, document management, time recording and email systems, typing services and the monitoring of our website and other technical systems
- if we are mandated by the law to disclose or share your personal information (for example, if it is required by a court order or for the purposes of prevention of fraud or other crime or in relation to audits, enquiries or investigations by regulatory bodies)
- in a bid to carry out any terms and conditions or agreements between us
- if it is required during the sale of some or all of our business and assets to any third party or for any kind of business restructuring or reorganisation (before we do this, we will give you an advance notification, and even after it, we will make sure that your privacy rights will continue to be under protection)
- in order to protect our rights, property and safety, or the rights, property and safety of other people linked to us (this includes exchanging information with our insurers, other companies, organisations and regulators in order to protect us from fraud and credit risk)
We may have to share the results of the researches we carry out concerning the use of our services with third partied, but be rest assured that we would not include your personal information, and even when we include it, it would be anonymised.
3. Data security
We have put in place adequate security measures that would aim at preventing your personal information from getting lost accidentally, from being used or accessed in an unauthorised way, or altered or disclosed.
All our official data are held electronically in a secure document management system and on our on-site file servers. Our network infrastructure is protected using firewalls and anti-malware software to prevent any breaches. We also encrypt our data using the industry standard encryption method that encrypts the data in transit. All our data are encrypted and regularly backed up on the cloud.
All our official papers and files are stored in locked cabinets in our offices when not in use, and our document storage facility is quite secure. In addition, our offices are quite secure and our data area can only be accessed by personnel who have the appropriate security passes.
When required, we will dispose of or delete your data securely.
All our employees, agents and contractors are made to be aware of their privacy and data security obligations, and we make sure that employees of third parties working on our behalf are quite aware of their privacy and data security obligations.
Your personal information can only be accessed by employees, agents, contractors and other third parties who for one reason or the other must be made aware of it. Asides them, clients’ data can only be accessed by the instructing team within the firm.
This means that access to your personal information is limited to only those employees, agents, contractors and other third parties who must, and have a need to know. Another set of people who may have access to personal data is the firm’s business support teams who may need it to provide IT and document management support.
Our company may give third parties access to your personal information in order for us to comply with regulatory authorities like, the Solicitors Regulation Authority, our auditors or our professional indemnity insurers.
Please note that information transmitted via the internet can never be completely secure. Of course we will do our best to secure your personal data, but we may not guarantee the security of any information transmitted to us electronically, and as such, any such transmission is at your own risk.
But be rest assured that we have procedures that will help us deal with any suspected data security breach, and we will notify you of any such suspected breach where we are required by the law to do so.
4. Transferring your private information outside the European Economic Area (EEA)
We would never transfer any information given to us out of the EEA unless in a situation where the transfer is unavoidable, and/or in connection with the legal services we are helping you with.
In the event where we have to transfer your private information outside the EEA, we would adequately safeguard your data in line with your privacy rights if the country the data is being transferred to cannot provide adequate protection as outlined by the EU Commission.
If you need more information regarding how we intend to safeguard your data, kindly contact law@woodgrangesolicitors .co.uk
Please note that if you are outside the EEA, we may have to transfer your information outside the EEA so you can enjoy our services. If you submit your information to us that means you agree that we can transfer and process it outside the EEA.
>5. Data retention
Our Retention and Archiving Policy regulates the way we retain and delete your personal information in our computer or manual files. We would definitely hold the information for as long as is required by the law or for our obligations, but no longer. We usually keep personal data for a period of seven years from the time of the end of your instructions to the company in case we need to re-open your matter from the date on which the reopened matter came to an end, unless otherwise specified by law.
You should also note that the personal data in our clients’ files may be held for longer to help our clients or third parties protect their claims and rights. At the elapsing of the initial seven years stipulated by the company, we may have to securely store the data in our clients’ files for up to 21 years. This data on extended storage would not be accessible to our staff unless in the context of a legal claim or other cogent reason that justifies access to the data.
This period of retention can be reduced or further extended as the case may be; (For example, if it is needed to defend legal proceedings or if there is an on-going investigation concerning the information).
The personal data that are with us undergo regular review to ensure that the data is still relevant to our business, and that the information is still accurate. In the event we discover that some of the personal data under our care are no longer accurate or no longer relevant, we would endeavour to correct or delete the said data.
6. Your rights
In certain circumstances, by law you do have the right to:<
- ask for your personal information (commonly known as a "data subject access request"). When you ask, you would receive a copy of the personal information we hold about you, so you can ascertain for yourself that we are lawfully processing it
- demand that we make the necessary corrections on any information that you believe is incorrect, incomplete or inaccurate
- demand that we clear out or delete your personal information from our files and database if you believe there is no further need to retain such information
- stop us from using your personal information to service our legitimate interests (or those of a third party) or if you think we are using your personal information for the purposes of direct marketing
- demand that we stop using your personal information, if for example you want us to state our reasons for using it or establish its accuracy
- demand that we transfer your personal information to another person or organisation
- If you provided us with the consent to use your personal information (for example, consent to receive information about our seminars and events), you reserve the sole right to withdraw that consent at any time you wish. If you want to withdraw your consent, duly contact law@woodgrangesolicitors .co.uk. As soon as we receive your notification to withdraw your consent, we will no longer use your personal information, and we would dispose of your data in an appropriate way that would ensure your continued security.
7. Queries and complaints
Our Head of Risk and Compliance, Umaad Sheikh, has been appointed to oversee compliance with our privacy notice. If you have any queries or complaints concerning this privacy notice or any other related information, please contact firstname.lastname@example.org.
You also reserve the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.