We have updated our Privacy Notice to provide you with more information on how we protect your privacy, including information on how to exercise your rights with respect to the data we hold on you. We set out below details of the type of data we hold and how we ensure it is protected and secure.
This Privacy Notice explains how we will collect, store and use any personal data you provide via our website, email or networks and when you otherwise communicate with us (including in the course of the service we provide or the running of our business).
Your personal data is data which by itself or with other data available to us can be used to identify you.
At Goodharts Solicitors Limited (“Goodharts”) we take data protection seriously. We are committed to respecting and protecting the personal data you provide us with and we recognise the importance of being clear about how we intend to use it.
All personal data provided by you will be held by Goodharts. Our address is Rotterdam House, 116 Quayside, Newcastle upon Tyne, NE1 3DY.
COMPLIANCE WITH THE GENERAL DATA PROTECTION REGULATION (“GDPR”).
GDPR is based around seven key principles which are the starting point to ensure compliance with the Regulation as incorporated by the Data Protection Act 2018.
Everybody working in, for and with Goodharts must adhere to these principles when performing their day-to-day duties. The principles require Goodharts to ensure that all personal data and sensitive personal data are:
- Processed lawfully, fairly and in a transparent way in relation to the subject (“lawfulness, fairness and transparency”).
- Collected for specified, explicit and legitimate purposes and not further processed in a manner which is incompatible with those purposes (“purpose limitation”).
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”).
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which is inaccurate, having regard to the purposes for which it is processed, is erased and rectified without delay (“accuracy”).
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which personal data is processed (“storage limitation”).
- Processed in a manner which ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures (“integrity and confidentiality”).
- Goodharts must be able to demonstrate its compliance with 1-6 above – accountability.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
This Privacy Notice may change from time to time and, if it does, the up-to-date version will be available on our website and will become effective immediately.
Please take time to read this Privacy Notice, which contains important information about the way in which Goodharts processes personal data.
You have the right to make a complaint at any time to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the opportunity to deal with your concerns before you approach the ICO so please contact us in the first instance.
For the purposes of this Privacy Notice, “Data Protection Legislation” is defined as, for the periods in which they are in force, the European Data Protection Direction 95/46/EC, all laws giving effect or purporting to give effect to the European Data Directive 95/46/EC (such as the Data Protection Act 1998) or otherwise relating to data protection (to the extent the same apply) and, from 25 May 2018, the General Data Protection regulation (Regulation) (EU) 2016/670 (“GDPR”), or any equivalent legislation amending, supplementing or replacing the GDPR,
INFORMATION WE MAY COLLECT FROM YOU
We may collect, or be provided with information about you through various means, including in the course of carrying out our work for you (or your business), when you instruct us to represent you or to advise you, or contact us for the purposes of a job application, in which case we will process any of your personal data provided to us as a Data Processor as defined in the Data Protection Legislation:
- Via our website (for example our “Contact us” page)
- By email or other electronic correspondence
- By telephone
- Otherwise through providing our services or operating our business.
The personal data you give to us may include:
- Your full name and title
- Email address
- Telephone number
- Postal address
- Photographic identification
- Details of your potential dispute/claim
- Pay information
- Medical Information
- Curriculum vitae (for those enquiring about jobs)
- Information about your visit, including the full uniform resource locaters (URLs) clickstream to, through and from our website
- Any other personal data (such as client reference numbers which may be assigned to you) in the context of providing our services in the course of operating our business.
The personal data described above may relate to any of the following categories of person:
- Our clients
- Our prospective clients
- Those who submit enquiries through our website.
The internet is not completely secure. We cannot guarantee the security of your personal data transmitted electronically, by our website or by email. Any transmission is at your own risk.
Some of the information you provide to us as a “data subject” may be considered sensitive personal data as defined under the General Data Protection Regulation and the Data Protection Act 2018. This means information about your ethnic or racial origin, political opinions, religious beliefs, trade union membership, physical or mental health, sexual life or criminal record. We would advise you to send this information by a more secure system, such as paper/fax, instead of electronic transmission or via our website. Our fax number is 0191 206 4001. Sensitive personal data will be processed only following your explicit consent.
HOW DO WE INTEND TO USE YOUR PERSONAL DATA?
We may use your information for the following purposes:
- To respond to any query that you may submit to us;
- To complete our contractual obligations to you;
- Where we need to comply with a legal or regulatory obligation (for example, any relevant anti-money laundering law or regulation);
- To send you any relevant information on our services and events which may be of interest to you using email and/or postal address which you have provided but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable Data Protection Legislation. You can withdraw your consent to marketing activity at any time by emailing us at firstname.lastname@example.org.
- To comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place;
- As we consider necessary to prevent illegal activity or to protect our interests.
If you are interested in working for us, we will use your personal data only to process your application and to monitor recruitment. Personal data about unsuccessful candidates will be retained for 6 months after the recruitment process is completed, at which point it will be disposed of securely.
LEGAL GROUNDS FOR PROCESSING YOUR INFORMATION
We will rely on the following legal bases under Data Protection Legislation for processing your personal data:
- Performance of, or entry into, a contract;
- Compliance with a legal obligation to which we are subject;
- We have a legitimate interest in doing so as a service provider;
- Where processing of “special category data” is necessary in the context of the establishment, exercise or defence of legal claims;
- In certain circumstances, where we have express consent to do so. Where we collect consent, we will explain that it may be withdrawn at any time in accordance with the information we provide at that time;
We will process your personal data as a Data Processor in accordance with the terms of the contractual arrangements in place between us.
SHARING YOUR INFORMATION
We may share your details with third parties in accordance with your instructions to enable us to fulfil our contractual obligations to you in the course of business.
We will only share your personal data in compliance with Data Protection Legislation.
We may disclose your information to third parties when:
- You specifically request this or it is necessary to provide our services to you;
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
Such third parties include the following:
- The opposing party in any litigation and their legal representatives
- Barristers who Goodharts instruct on your behalf
- The Employment Tribunal and the Employment Appeal Tribunal
- The Courts
- Our accountants
- Medical or other experts
- The Legal Ombudsman
- The Solicitors’ Regulation Authority
- Our IT Support Team.
STORAGE AND RETENTION OF YOUR PERSONAL DATA
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the persona data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will procure that any third parties we engage to provide services in satisfaction of any contract between us will keep your data stored on their systems for as long as is necessary to provide the services to you and to comply with applicable legal requirements.
We will not store your information for longer than is reasonably necessary or required by law and/or as needed for the duration of our contractual relationship.
Following the completion of any contract between us, we may also need to retain your personal data for legal and regulatory purposes, including:
- Pursuing any outstanding payments
- For HMRC audit purposes
- Regulatory reasons (for a period of up to 6 years).
All retained personal data is subject to the controls of our Data Protection Policy and will be securely disposed of when it is considered to be on no further use and following the prescribed period for the retention of records.
WHERE WILL MY PERSONAL DATA BE KEPT?
Once we have received your personal data we will use standard procedures and security features to try to prevent unauthorised access.
Your personal data will be under the control of Goodharts. It will be held on our computer system. Parts of our computer system, including our website and our email, are provided by a UK supplier of computer systems, and are provided for Goodharts’ sole use. When we print your personal data, this will be in the possession and control of our employees and directors at all times, and will be securely disposed of when it is considered to be of no further use to us.
Cookies are text files placed by our website onto your computer. They collect standard internet log and visitor information. Our website only uses temporary cookies as they remain in the cookie file of your browser only until you leave the site. Cookies enable us to improve our website by enabling us to monitor which pages you find useful and which you do no. We do not collect any personal data by using cookies.
YOUR INFORMATION RIGHTS
Data Protection Legislation gives you the right to access information held about you.
We will aim to respond to any requests relating to your rights without undue delay and in any case within one month of receipt of your request.
We may ask you to confirm your identify so that we can validate a request. If you would like to make a request, please email or write to the Data Protection Officer using the contact details provided above and below.
You have the right to:
- Request access to your personal data and check that we are lawfully processing it.
- Request correction of the personal data that we hold about you if you consider that it is inaccurate.
- Request the transfer of your personal data to you or to a third party.
- Request erasure of your personal data. This includes where you have been successful in exercising your right to object to processing (see below). However, we may not be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Request restriction of processing of your personal data. This may be the case if you want us to establish the data’s accuracy or where our use of the personal data is unlawful but you do not want us to erase it.
- Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms.
- Where you exercise your rights to request erasure, or request a restriction in the processing of your personal data or to object to processing of your personal data, we may still need to keep basic contact information about you if you are already or will in the future be a client as we will require this for contractual purposes.
You have the right, under the General Data Protection Regulation and that Data Protection Act 2018, to be provided with a permanent copy of certain personal data which Goodharts holds about you. You have the right to know:
- Any information available as to the source of your personal data
- The personal data of which you are a data subject
- The purpose for which we are using it
- The recipients to whom we have disclosed or may disclose your personal data.
The General Data Protection Regulation and the Data Protection Act 2018 does not entitle you to see non-personal data or information about other data subjects.
If you have any questions regarding this notice or you would like to speak to us about the way in which we process your personal data, please email our Data Protection Officer at email@example.com or telephone our Data Protection Offier on 0191 687 2055 or write to us at this address:
Data Protection/Compliance Officer
Goodharts Solicitors Limited
Newcastle upon Tyne
You also have a right to make a complaint to the ICO, as mentioned above. The ICO’s address is as follows:
Information Commissioner’s Office
Tel 0303 123 1113
Our Ref: Company Number: 07325962, ICO Registration Number: Z2565026