We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:
who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are?
SK Lloyds Solicitors (‘we’ or ‘us’) collect, use and are responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 2018 and we are responsible as the ‘controller’ of that personal information for the purposes of those laws.
Where do we collect your personal data from?
We might collect your personal data from various sources, including you, your family members, employer or representatives, estate agents, accountants, mortgage lenders, solicitors, credit reference agencies and anti-fraud databases, sanctions list, court judgements and other databases, or third parties including the other party to your case or transaction, social services, carers or nursing and retirement homes. Which of these sources apply will depend on your particular circumstances, but most of the time the information will come direct from yourself.
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can give consent on his/her behalf to the processing of his/her personal data; receive on his/her behalf any data protection notices; and give consent to the processing of his/her personal or sensitive data.
It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes to your personal data during your relationship with us.
Why do we need this information about you and how will we use it?
We may use your personal information for the following purposes:
The provision of legal services, including setting you up as a client (along with possible fraud, sanctions, bankruptcy and anti-money laundering checks), client care, including communicating with you and sending you updates and documents, filling out forms and documents as necessary for your case or transaction, credit control including receiving payments from you, returning payments to you or chasing for payment, letting you know of related legal services;
The administration and management of our practice, including statutory returns, legal and regulatory compliance, the prevention of money laundering or terrorist financing, keeping accounts and allocating payments, managing and retaining records and database of our clients and matters including to carry out conflict checks, analysing our client database and developing and improving our services, managing claims and complaints;
Marketing our services to you, including letting you know about events that we organise, sending you newsletters by email, carrying out surveys to improve our services and keeping in touch generally.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Legitimate interest means the interest of our business in conducting and managing our business. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests or against any potential impact on you in respect of specific activities by contacting us.
Please note that when we carry out electronic identity checks via external search providers in order to comply with our regulatory requirements, the checks leave a footprint on an individual’s credit file. However, this footprint is not the same as a credit check footprint and will have no negative impact on your file. It is just shown as an ‘identity search’ which is effectively a light footprint, simply showing an anti-money laundering search has taken place. An individual can have many identity footprints and it still will not affect their credit file.
What information do we collect?
We collect and process personal data about you. Personal data, or personal information, means any information about an individual from which the person can be identified. It does not include data where the identity has been removed (anonymous data). The types of personal data that are processed may include:
- Individual details: name, address (including proof of address), other contact details (such as email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and family details including their relationship to you, details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet, any permissions, consents or preferences that you give us (including how you want us to contact you);
- Identification details: Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number or driving licence number;
- Financial information: Bank account or payment card details, mortgage details, income or other financial information;
- Contractual data:Details about the services we provide to you and how you use our services, or details about any potential conflicts of interest;
- Credit and anti-fraud data: Bankruptcy history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you;
- Special categories of personal data: Certain categories of personal data which have additional protection under the Data Protection Act 2018. The categories are physical or mental health condition, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation. We will usually not ask you to provide special categories of personal data unless this is needed to advise you or deal with your case or transaction (for example in personal injury claims or employment matters). If we request such information, we will explain why we are requesting it and how we intend to use it. Your consent will be necessary and you may withdraw your consent at any time. However, if you withdraw your consent, this may impact our ability to provide you with legal services;
- Transaction Data: Details about payments to and from your accounts with us, how you use our services, and any claims you make;
- Profile Data: Information about your interests, preferences, services generally provided;
- Marketing and Communications data: Information about your preferences in receiving marketing material.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate information about how you use our services to calculate the percentage of clients utilising a particular service we offer. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
How do we use your information?
Our web site uses the data we collect for three basic purposes: to operate our business and provide (including improving and personalising) the services we offer, to send communications, and to display advertising. In carrying out these purposes, we combine data we collect through the various web site services you use to give you a more seamless, consistent and personalised experience. However, to enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations. For example, we store data we collect from you when you are unauthenticated (not signed in) separately from any account information that directly identifies you, such as your name, email address or phone number.
Who might your information be shared with?
We may disclose your personal data to The Solicitors Regulation Authority, The Legal Ombudsman, The Law Society, The National Crime Agency, The Office of the Public Guardian, HMRC, our insurers, our accountants and to other external organisations and firms who may conduct audit or quality inspections on our practice and our client services or provide services to us, and who are required to maintain confidentiality in relation to our files. We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party unless necessary for your case or transaction and with your consent (for example if we need to instruct a barrister or an expert).
How long will your personal data be kept?
We will only keep your personal data as long as it is necessary and for the purpose for which it was original collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claims, or where we are required to keep your personal data due to legal or regulatory reasons.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may preserve the anonymity of your personal information so that it can no longer be associated with you, in which case we may use such personal information without further notice to you.
What rights do you have?
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please see the “How to Contact Us” section and let us have enough information to identify you:
- contact our Data Protection Manager (see “How to Contact Us”);
- let us have enough information to identify you (for example your name and what services we provided to you or when);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any reference number if you have this.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
What happens if you choose not to provide us with personal information or are unable to provide us with personal information?
If you fail to provide certain personal information when requested, we may not be able to perform the agreement we have entered into with you, or we may be prevented from complying with our legal obligations.
Use of Cookies
- Our website uses cookies and pixels, which give us information about your use of our website. A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. We may use this information to contact you, and we will use it as a means of analysing the effectiveness of our website and to improve our service.
- You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result. For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
- How to complain We hope that our Data Protection Manager can resolve any query or concern you raise about our use of your information. You have the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance.
- How to contact us Please contact our Data Protection Manager, Shafqat Ali, if you have any questions about this Privacy Notice or the information we hold about you, or if you would like this notice in a larger print. If you wish to contact us, please write to us at SK Lloyds Solicitors, Office 8E, Phoenix house, 100 Brierley St BL9 9HN.
- let us know the information to which your request relates, including any reference number if you have this.
Call us on 0161 870 6080 or email us on [email protected] and we will call you to discuss your compensation claim.