Privacy Policy
Grants Family Law Practice is committed to ensuring your privacy is protected and security of your personal information. Please read this Privacy Policy carefully as it contains important information about how and why we collect, store, use and share your Personal Data in accordance with the General Data Protection Regulation (the GDPR). It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When dealing with your personal data, we will always comply with the GDPR.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing Grants Family Law Practice compliance with data protection law. If you have any questions about this Privacy Policy or how we handle your personal information, please contact the DPO (see “Contact us”).
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the course of our engagement with you.
1. Personal data we collect about you
1.1 Personal data means any information about an individual from which that person can be identified or is identifiable. It does not include information which is anonymous. In some circumstances, this could include information about your family or other third parties.
Individuals
1.2 The Personal Data we will or may collect may include but is not limited to: -
Suppliers and third-party business contacts and prospects: -
1.3 If you are a business - Information provided by you about your business and other individuals (which could include some or all of the data above) in connection with any advice.
1.4 We process titles, names, and business contact information including addresses, telephone numbers and email addresses for your employees and representatives. Such processing is necessary for performance of the contract between us.
1.5 If you are a prospective or new client, we process personal information as part of our Anti-Money Laundering procedure. We do this to comply with our legal obligations, and as necessary for our legitimate interests (provided that the interests and fundamental rights of the individual do not override our interests).
1.6 We may perform due diligence in the form of credit checks on companies, including checking photographic identification and proof of address of directors and, in some cases, your shareholders, and verification of the company registration details. We do this to comply with our legal obligations, and as necessary for our legitimate interests (provided that the interests and fundamental rights of the individual do not override our interests).
1.7 We process information relating to your legal matter and our instructions.
1.8 We process personal information contained in documents reviewed by us as part of any due diligence and provided to us in disclosure. Such processing is necessary for the purpose of providing legal advice.
1.9 For the legitimate interests of managing our business and improving our services (provided that the interests and fundamental rights of any individual or those a third party do not override our interests).
1.10 To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.
The other Party re client matters
1.13 For lawyers acting on the other side of a particular matter, we will collect your contact details and such information about your clients as necessary for us to advise our client.
1.14 We process personal information contained in documents reviewed by us as part of our due diligence and/or as provided to us in disclosure.
1.15 Such processing is necessary for: -
- the purpose of establishing, exercising or defending legal claims; and
- for the legitimate interests of our client in receiving legal advice from us (provided that your client's interests and fundamental rights do not override our client's interests).
1.16 We may process yours or your client's bank details, such processing is necessary where funds are required to be paid (for example in respect of a Court fee, on completion of a sale of property or in respect of payment of a lump sum).
1.17 To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.
2. How your personal data is collected
2.1 We collect most of the personal data direct from you when you complete our website enquiries form, when you obtain advice from us as a prospective client, as a client of the firm, when or where we enter into a contract to receive services from you.
2.2 We collect further information from you during the period of our retainer or for the duration of you providing services to us.
2.3 We may also collect personal data from third party sources including but not limited to: -
3. How and why we use your data
3.1 We will only use your personal data where the law allows us to, for example: -
4. Who we share your personal data with
4.1 We may share personal data within Grants Family Law Practice as necessary to ensure the smooth running of our business and to improve the service we provide to clients.
4.2 We may share information with but not limited to: -
5. Transferring information outside the EEA
5.1 All our personal information is hosted on servers or hard copies are located within the European Economic Area (EEA).
5.2 If we are required to share your personal data outside the EEA for example because you are based outside of the EEA, your matter has an international dimension or where our service providers are located outside the EEA any transfers of personal data outside the EEA we will put in place appropriate measures to ensure that personal information is treated by third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
6. How long will we keep your information for?
6.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
6.2 To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
6.3 Where a minimum retention period is required by law (such as retaining records for HMRC purposes or for compliance with the SRA requirements) we will comply with that minimum period. When it is no longer necessary to retain your personal data, we will delete or anonymise the information.
6.4 We retain client documents in line with the Law Society's recommendations and our professional indemnity insurers. Please contact the practice if you would like to discuss specific retention periods applicable to your matter.
6.5 If we are required to retain your information longer than our standard retention periods, we will let you know (unless we are prevented by law from doing so).
7. Your Rights
7.1 You can exercise the following rights under the GDPR: -
Right of Access – to be provided with a copy of your personal data information (commonly known as a "subject access request").
Right to rectification - to require us to correct any mistakes in your personal data.
Right to be forgotten - to require us to delete your personal data in certain situations.
Right to restrict processing - to require us to restrict processing of your personal data in certain circumstances
Right to data portability – to receive the personal data you provided to us, in a structured and commonly used and machine useable format.
Right to object – to object to your personal data being used for direct marketing
- in certain other situations to our continued processing of your Personal Data.
Right not to be subject to automated individual decision-making – not to be subject to a decision based solely on automated processing.
7.2 Withdraw consent - in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to continue to process your information in accordance with another lawful basis which has been notified to you.
7.3 If you would like to exercise any of the above rights, please contact the DPO (see “Contact us”).
7.4 You will not have to pay a fee to access your personal information (or to exercise any of your rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
7.5 You will need to let us have information: -
- to identify you (e.g. your full name, address and client reference number, if you are a client);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request.
8. Keeping your personal data secure
8.1 We have put in place measures to protect the security of your information. Details of these measures are available upon request.
8.2 Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
8.3 We have in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
8.4 We have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Contact us
If you have any questions about this Privacy Policy, please contact our Data Compliance Officer: -
Katie Grant
Grants Family Law Practice, PO Box 3914, Swindon, SN2 9HJ.
[email protected]
Tel: 01793 616129
How to complain
We hope our Data Compliance Officer can resolve any query or concern you may raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
When dealing with your personal data, we will always comply with the GDPR.
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing Grants Family Law Practice compliance with data protection law. If you have any questions about this Privacy Policy or how we handle your personal information, please contact the DPO (see “Contact us”).
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the course of our engagement with you.
1. Personal data we collect about you
1.1 Personal data means any information about an individual from which that person can be identified or is identifiable. It does not include information which is anonymous. In some circumstances, this could include information about your family or other third parties.
Individuals
1.2 The Personal Data we will or may collect may include but is not limited to: -
- Your name, address and telephone number Your email address and mobile telephone number
- Details to verify your identity, date of birth, passport details, utility bill, driving licence
- Financial information relevant to your instructions
- bank details, necessary where funds are to be paid to you (for example on settlement of your divorce);
- Personal information contained in documents reviewed by us as part of any due diligence and provided to us in disclosure. Such processing is necessary for the purpose of providing legal advice.
- Feedback you provide to us on our services. Such processing is necessary for the legitimate interest of managing our business and improving our services (provided that your interests and fundamental rights do not override our interests).
- Details of your pension arrangement.
- Details of your spouse/partner and dependants or other family members.
- Your employment status and details including salary and benefits, e.g. if you instruct us on matter in which your employment status or income is relevant. Your National Insurance and tax details.
- Your bank and/or building society details.
- Details of your professional online presence, e.g. LinkedIn profile.
Suppliers and third-party business contacts and prospects: -
1.3 If you are a business - Information provided by you about your business and other individuals (which could include some or all of the data above) in connection with any advice.
1.4 We process titles, names, and business contact information including addresses, telephone numbers and email addresses for your employees and representatives. Such processing is necessary for performance of the contract between us.
1.5 If you are a prospective or new client, we process personal information as part of our Anti-Money Laundering procedure. We do this to comply with our legal obligations, and as necessary for our legitimate interests (provided that the interests and fundamental rights of the individual do not override our interests).
1.6 We may perform due diligence in the form of credit checks on companies, including checking photographic identification and proof of address of directors and, in some cases, your shareholders, and verification of the company registration details. We do this to comply with our legal obligations, and as necessary for our legitimate interests (provided that the interests and fundamental rights of the individual do not override our interests).
1.7 We process information relating to your legal matter and our instructions.
1.8 We process personal information contained in documents reviewed by us as part of any due diligence and provided to us in disclosure. Such processing is necessary for the purpose of providing legal advice.
1.9 For the legitimate interests of managing our business and improving our services (provided that the interests and fundamental rights of any individual or those a third party do not override our interests).
1.10 To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.
The other Party re client matters
1.13 For lawyers acting on the other side of a particular matter, we will collect your contact details and such information about your clients as necessary for us to advise our client.
1.14 We process personal information contained in documents reviewed by us as part of our due diligence and/or as provided to us in disclosure.
1.15 Such processing is necessary for: -
- the purpose of establishing, exercising or defending legal claims; and
- for the legitimate interests of our client in receiving legal advice from us (provided that your client's interests and fundamental rights do not override our client's interests).
1.16 We may process yours or your client's bank details, such processing is necessary where funds are required to be paid (for example in respect of a Court fee, on completion of a sale of property or in respect of payment of a lump sum).
1.17 To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies.
2. How your personal data is collected
2.1 We collect most of the personal data direct from you when you complete our website enquiries form, when you obtain advice from us as a prospective client, as a client of the firm, when or where we enter into a contract to receive services from you.
2.2 We collect further information from you during the period of our retainer or for the duration of you providing services to us.
2.3 We may also collect personal data from third party sources including but not limited to: -
- publicly accessible sources, e.g. Companies House or HM Land Registry;
- from a third party with your consent, e.g.: your bank or building society, another financial institution or advisor, consultants and other professionals we may engage in relation to your matter or your employer and/or trade union, professional body or pension administrators, your doctors and other health professionals, consultant’s and other professionals whom we may engage in relation to your matter;
- from the party on the other side, or from lawyers or other professional advisors acting on their behalf.
- computer networks, communications systems and connections.
3. How and why we use your data
3.1 We will only use your personal data where the law allows us to, for example: -
- to comply with our legal and regulatory obligations;
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- for our legitimate interests provided your interests and fundamental rights do not override those interests. or those of a third party;
- where you have given your consent.
4. Who we share your personal data with
4.1 We may share personal data within Grants Family Law Practice as necessary to ensure the smooth running of our business and to improve the service we provide to clients.
4.2 We may share information with but not limited to: -
- professional advisers who we instruct on your behalf or refer you to, such as barristers, costs draftsmen, medical professionals, accountants, tax advisers, investment companies, architects, estate agents or other experts;
- our regulator the Solicitor's Regulation Authority (SRA),
- our insurance and our professional indemnity insurance broker
- other third parties where necessary to carry out your instructions, e.g. your mortgage provider or HM Land Registry in the case of a property transaction or Companies House;
- Government Departments i.e. Companies House, Land Registry, HMP, HMRC, DWP, Legal Ombudsman.
- the Court
- our bank.
5. Transferring information outside the EEA
5.1 All our personal information is hosted on servers or hard copies are located within the European Economic Area (EEA).
5.2 If we are required to share your personal data outside the EEA for example because you are based outside of the EEA, your matter has an international dimension or where our service providers are located outside the EEA any transfers of personal data outside the EEA we will put in place appropriate measures to ensure that personal information is treated by third parties in a way that is consistent with and which respects the EU and UK laws on data protection.
6. How long will we keep your information for?
6.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
6.2 To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
6.3 Where a minimum retention period is required by law (such as retaining records for HMRC purposes or for compliance with the SRA requirements) we will comply with that minimum period. When it is no longer necessary to retain your personal data, we will delete or anonymise the information.
6.4 We retain client documents in line with the Law Society's recommendations and our professional indemnity insurers. Please contact the practice if you would like to discuss specific retention periods applicable to your matter.
6.5 If we are required to retain your information longer than our standard retention periods, we will let you know (unless we are prevented by law from doing so).
7. Your Rights
7.1 You can exercise the following rights under the GDPR: -
Right of Access – to be provided with a copy of your personal data information (commonly known as a "subject access request").
Right to rectification - to require us to correct any mistakes in your personal data.
Right to be forgotten - to require us to delete your personal data in certain situations.
Right to restrict processing - to require us to restrict processing of your personal data in certain circumstances
Right to data portability – to receive the personal data you provided to us, in a structured and commonly used and machine useable format.
Right to object – to object to your personal data being used for direct marketing
- in certain other situations to our continued processing of your Personal Data.
Right not to be subject to automated individual decision-making – not to be subject to a decision based solely on automated processing.
7.2 Withdraw consent - in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are required to continue to process your information in accordance with another lawful basis which has been notified to you.
7.3 If you would like to exercise any of the above rights, please contact the DPO (see “Contact us”).
7.4 You will not have to pay a fee to access your personal information (or to exercise any of your rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
7.5 You will need to let us have information: -
- to identify you (e.g. your full name, address and client reference number, if you are a client);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request.
8. Keeping your personal data secure
8.1 We have put in place measures to protect the security of your information. Details of these measures are available upon request.
8.2 Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
8.3 We have in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
8.4 We have in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Contact us
If you have any questions about this Privacy Policy, please contact our Data Compliance Officer: -
Katie Grant
Grants Family Law Practice, PO Box 3914, Swindon, SN2 9HJ.
[email protected]
Tel: 01793 616129
How to complain
We hope our Data Compliance Officer can resolve any query or concern you may raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
