This notice explains when and why we collect personal information about you; how we use it, when we may pass it on to others and how we keep it safe.
For clients of Nicholas & Co, you should read this notice alongside our terms and conditions of business, which are provided to you at the start of your work. If you are another party to a transaction, for instance, our client is buying a property from you or has a dispute with you that we are dealing with, we may also hold basic data about you relating to that matter.
Our website and services are not aimed at children because in legal work children are usually represented by their parents or guardians. If you are a child and need further advice or explanation about how we would or do use your data, please contact our Practice Manager, Gwen Philippou, firstname.lastname@example.org.
This notice does not apply to any websites that may have a link to ours or any websites belonging to others which we provide links to.
Who we are
We are Data Controllers. Data is collected, processed and stored by Nicholas & Co Solicitors Limited. We also process data provided by or required by others who may also be Data Controllers.
What Data do we collect?
The information we will request from you will depend on the work we are doing for you. This notice is intended for clients and prospective clients only. If you are another party to a matter we are dealing with, we suggest you first contact your own solicitor to check what information they have provided to us, but your rights in relation to your data remain the same.
In many cases personal data will be restricted to basic information, such as name, address, gender, contact details and information needed to complete ID checks but some of the work we do may require us to ask for more sensitive information.
Cookies on our website relate only to use of our website and do not relate to external marketing. If this changes in the future we will make it clear on our website and update this notice.
Our website does record the IP address of people submitting client survey forms, but this is not tracked or analysed, it is only collected to show that responses are not all from the same person.
Lawful bases for processing
Consent: We may process your personal data based upon your consent. Please note that you are able to remove this consent at any time by contacting the Data Protection Manager, Nick Nicholas - email@example.com.
Legal obligation: We may be required to process your personal data in order to comply with our obligations under legislation such as the Proceeds of Crime Act 2002, the Money Laundering Regulations 2017, the Criminal Finances Act 2017, the Foreign Account Tax Compliance Act 2010 (for clients with US ‘person’ status) and under common law. We may, on occasion, be required to share your personal data with the relevant authorities. This processing of your personal data is to comply with the law, and we would be unable to act for you without doing so.
Contractual obligation: we may process your personal data on the basis that we have a contract with you.
Legitimate interest: Alternatively, in some instances we may have a legitimate interest in processing your personal data,
Whenever we are processing special categories of personal data, and/or criminal conviction and offence records, we will only use that data to deliver the services you have instructed us to provide and with your consent save where there is a legal obligation for us to process the information
All your personal data will be processed, and erased, in accordance with our Data Retention and Erasure Policy, a copy of which is available upon request from our Data Protection Manager Nick Nicholas, Nicholas & Co, 10-12 Bourlet Close, London W1W.
Sources of information
Information about you may be obtained from a number of sources; for instance
- You may give us information about yourself
- You may provide information relating to someone else - if you have the authority to do so
- Information may be passed to us by others in order that we can undertake your legal work on your behalf. These are most often:
- Banks or building societies
- Other law firms
- Search providers and identity checking providers
Why we need it
The primary reason for asking you to provide us with your personal data, is to allow us to carry out your requests - which will ordinarily be to represent you and carry out your legal work.
The following are some examples of how will use your information:
- Checking your identity
- Verifying source of funds
- Communicating with you
- To establish funding of your matter or transaction
- Obtaining insurance policies on your behalf
- Processing your legal transaction including:
- Providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions
- Keeping financial records of your transactions and the transactions we make on your behalf
- Seeking advice from third parties; such as legal and non-legal experts
- Responding to any complaint or allegation of negligence against us
Who has access to it?
We have procedures to ensure secure processing of your personal data. We will not sell or rent your information. We will not share your information for marketing purposes.
Generally, we will only use your information within Nicholas & Co. However, there may be circumstances, in carrying out your legal work, where we may need to disclose some information to others; for example:
- HM Land Registry to register a property
- HM Revenue & Customs; e.g. for Stamp Duty Liability
- Court or Tribunal
- Solicitors acting on the other side
- Asking an independent legal specialist (such as a barrister) for advice; or to represent you
- Non-legal experts to obtain advice or assistance
- Translation Agencies
- Contracted Suppliers of support services such as IT, archiving or transcription, accountants or telephone services
- External auditors or our Regulator; e.g. Law Society, SRA, ICO etc.
- Bank or Building Society; or other financial institutions
- Insurance Companies
- Providers of identity verification
- Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
- If there is an emergency and we think you or others are at risk
Where your information is shared with these external parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
Transferring your personal data
We will not transfer your personal data overseas except where it is essential in order to conduct your business, e.g. an email to an overseas party to your transaction. We aim to only use third party services, such as data storage, which are based in the UK. Occasionally this is not practical but we will not use services which hold data outside the UK or EU.
Protecting your data
We recognise that your information is valuable and we take all reasonable measures to protect it.
We use technology to protect personally identifiable data from loss, misuse, alteration or destruction and ensure that, where possible, physical access to our buildings is carefully controlled. We also insist that contractors and staff agree to protect confidentiality of all information.
Keeping your data
Your personal information will be retained, usually in computer or paper files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. We will then keep it for an additional period as described below. We rely on our insurers to guide us in the appropriate length of time to keep your information.
As a guide we will keep it for a minimum of 7 years from the closure of your legal work, in case you, or we, need to reopen the case or to defend complaints or claims against us. This will apply even if you do not proceed with your matter to a conclusion.
Certain types of matters may be kept for longer periods and some, such as those involving trusts, wills, or deeds to unregistered property may be kept indefinitely.
If you wish to know how long your matter will be stored for please ask your solicitor.
You have the right of access to your personal data. If you would like a copy of the personal data that we are processing please contact our Data Protection Manager, whose name and address are above. Kindly note that we will need to verify your identity before responding to your request. Normally we make no charge for doing this, and will endeavour to send it to you within 1 month of receipt of your request. If you notice that any of the information we send you is inaccurate or incomplete, please tell us and we will rectify it promptly.
You also have rights to erase personal information, to restrict processing in, to rectify inaccuracies, as well as the right to object to the processing of your data. There is typically no charge for exercising these rights.
Personal data that is covered by legal professional privilege, and personal data that we process so as to provide legal advice or representation may fall outside these rights. In other words, we may not be able to acceded to data subject requests concerning these categories of data.
If you are dissatisfied with our response you may complain to a supervisory authority which, in the UK, is the ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. The ICO’s website is at https://ico.org.uk/. Their helpline number is: 0303 123 1113. There may also be judicial remedies available to you.
We may contact you in relation to services we have supplied to you, for instance, if we have held your will for some time we may check if you wish to update it or have it returned to you. We may also occasionally invite you to social or educational activities run by the firm but not with the intention of selling or promoting specific services. We do not use direct marketing methods and will never pass on or sell your details to a third party.
If this changes we will update this notice and ask for your permission to send you marketing information.
The following are examples of how we may use your non-sensitive personal information for our legitimate business interests:
- fraud prevention
- network and information systems security
- improving our services
- identifying usage trends
- providing non-identifiable statistical information to regulatory bodies, mortgage lenders or our insurers
Any questions regarding this notice and our privacy practices should be sent by email to firstname.lastname@example.org.