BREWER HARDING & ROWE SOLICITORS LLP
EU General Data Protection Regulation (GDPR)
This notice sets out how we use your personal data. For clients it should be read alongside our general terms of business, which provides further information on confidentiality and the basis upon which we provide our services.
Personal data is information which can be used to identify you, such as your name, address, contact details, date of birth, financial details etc. Special category information is, by its nature, more sensitive information such as your race or ethnic origin, religion, sexual orientation, health, politics, genetics etc. We, Brewer Harding & Rowe Solicitors LLP, the data controller, will collect, store, use, disclose and retain personal information about you (referred to as processing). This will usually be basic information but on occasion could also include special category information.
We will collect information about you dependent on what you have asked us to do for you. This will be obtained from a number of sources including, but not limited to, information you provide about yourself or someone else (where you have their authority) or information provided by a third party, for example, organisations referring work to us, banks or building societies, appointed experts, public record offices etc.
We have appropriate technology and operational systems in place to keep your personal data secure and these systems are enhanced in relation to sensitive information.
Using your personal data: the legal basis and purpose
We will process your personal data so far as is necessary to perform our contract with you for the provision of legal services and to comply with our legal and regulatory obligations in doing so. We may also process your personal data with your consent (which you can withdraw at any time).
This will include, but is not limited to, verifying your identification and the source of any funds; communicating with you; establishing funding for a matter or transaction; processing a client matter generally such as providing advice, attending hearings, preparing documents, obtaining insurance policies, keeping financial records, seeking advice from experts, registering and reporting on the conclusion of a matter, meeting our compliance obligations to our regulator or other legal body; and responding to any enquires from you, including in relation to data protection.
We may also process your data where it is in our legitimate interests to do so. This may include our accounting and auditing procedures and the management and supervision of our business and the people working for us, including the maintenance of quality standards.
We will not process your information for any purpose other than those for which it was obtained and we will not obtain more information than is necessary for those purposes.
If you provide your e-mail address in order to submit an enquiry, comment or request for further information on our website we will contact you regarding your enquiry, comment or request.
We may occasionally contact you by post, email or telephone to ask you for your feedback and comments on our services. We will not send you any marketing information unless we have had your prior consent (which you can withdraw at any time).
We may log your IP address (which indicates the location of your computer on the Internet) for the purpose of systems administration and troubleshooting.
If you make an application for employment providing personal details the information will be used in connection with determining your application for employment. Unless there is a good reason for doing so, we will not hold personal details in these circumstances beyond the statutory period in which a claim arising from the recruitment process may be brought.
Our website and services are not aimed at children because in legal work we would expect children to be represented by their parent or legal guardian. If you are a child and need further information about your personal data please email GDPR@bhrlaw.co.uk
Sharing your data
We may need to share your personal data with third parties when we are carrying out legal work or your instructions, complying with our legal obligations or if it is in our legitimate interests. We will not pass on your information for any purpose other than that for which it was obtained.
This will include, but is not limited to, providers of identification verification services; disclosures required by law or regulation such as to our regulator (Solicitors Regulation Authority) Legal Ombudsman or National Crime Agency; The Law Society and other external quality standards and auditing organisations; our Accountants and other professional advisors; organisations carrying out costings services, IT processing and support organisations; the Financial Services Compensation Scheme; bodies such as the Legal Aid Agency, HMRC, HM Land Registry, Companies House, the Probate Registry and General Register Office; panel management organisations and other relevant parties to a matter, property search companies, banks, building societies or other financial institutions, courts, tribunals, appointed third party experts, Barristers or Counsel appointed to a matter, insurance companies, estate agents, mortgage or financial advisors etc.
When we share information, we will aim to ensure that these third parties comply with their data protection and confidentiality obligations and only for the purpose for which it was provided to them.
There may be some uses of your personal data which still require your specific consent and if this is the case we will contact you separately for your consent, which you are free to withdraw at any time. Please also refer to our General Terms of Business. However, in certain circumstances, if we do not have your consent we may be unable to continue to act.
Personal Data Retention Periods
We will only retain your personal data (in computer or paper form) for as long as it is required to fulfil the purpose for which it was obtained, usually the completion of the legal work, and thereafter (in the case of client files in archived and scanned form) for the period required by our regulator, or as required by law or as set out in any contract you hold with us.
This could include, but is not limited to, the time within which a claim might be brought by or against you, fraud prevention requirements, financial crime or financial reporting obligations.
Ordinary scanned copies of files will be destroyed after this period (usually after a minimum of 10 years) except that certain files will be retained for longer periods such as commercial transactions or those involving financial orders or maintenance agreements. Will files will be retained until we are notified of death; trust files for the duration of the trust; probate files, where there is a surviving spouse, until their death for IHT purposes; and personal injury files, with a lifetime award, for the duration. Deeds, Wills and other original documents you ask us to store will be retained indefinitely until you request otherwise.
You have certain rights under the GDPR. However, not all of these rights apply in all circumstances.
You have a right to be informed about the processing of your personal data and the right to access the personal data we hold for you. You have a right to have incorrect information rectified if it is inaccurate or incomplete. You have the right to have your personal data erased (to be forgotten) if there is no lawful reason for continued processing, a right to restrict processing in certain circumstances and a right to object to certain types of processing. We do not engage in any automated processing or decision making.
If you have any questions or concerns about our processing of your personal data please contact our Data Protection Manager at 1 The Square Barnstaple EX32 8LS or you can email GDPR@bhrlaw.co.uk. You have the right to complain to the Information Commissioner’s Office ico.org.uk if you have any concerns about our use of your personal data.