PELLMANS

S o l i c i t o r s
Pellmens Solicitors / Eynsham / Oxfordshire
Home | About Us | Our Services | Contact Us   01865 884400 mail@pellmans.co.uk
Business and Company Law
Employment Law
Residential Property:
Buying and Selling Homes and Investment Property - Conveyancing
Commercial Property
Agricultural Law:
Farming, Rural Law and Problems
Private Client:
Wills, Probate, Trusts,
Estate Planning, Lasting Powers of Attorney & Deputyship Applications
 

GDPR PRIVACY NOTICE for CLIENTS
Data controller (“the Firm”): Pellmans LLP of 1 Abbey Street, Eynsham, Witney, Oxfordshire, OX29 4TB, telephone number: 01865 884400, email: mail@pellmans.co.uk
Controller’s representative and data protection officer: Joanna Pellman of 1 Abbey Street, Eynsham, Witney, Oxfordshire, OX29 4TB, telephone number: 01865 884400, email
Data compliance manager: Adrian Pellman of of 1 Abbey Street, Eynsham, Witney, Oxfordshire, OX29 4TB, telephone number: 01865 884400, email

Introduction
The Firm collects and processes personal information, or personal data, relating to its clients and the business which the Firm is instructed by them to conduct. This personal information may be held by the Firm on paper or in electronic format.
The Firm is committed to being transparent about how it handles their personal information, to protecting the privacy and security of their personal information and to meeting its data protection obligations under the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make them aware of how and why we will collect and use their personal information both during and after their relationship with the Firm. We are required under the GDPR to notify them of the information contained in this privacy notice.
This privacy notice applies to our clients and information supplied by them or obtained by us in the course of our relationship. It is non-contractual and does not form part of our contract with them or any other contract for services.
The Firm has appointed a data protection officer and a data compliance manager to oversee compliance with this privacy notice. If clients have any questions about this privacy notice or about how we handle their personal information, please contact Joanna Pellman of 1 Abbey Street, Eynsham, Witney, Oxfordshire, OX29 4TB, telephone number: 01865 884400, email


Data protection principles
Under the GDPR, there are six data protection principles that the Firm must comply with. These provide that the personal information we hold about our clients must be:
> Processed lawfully, fairly and in a transparent manner.
> Collected only for legitimate purposes that have been clearly explained to them and not further processed in a way that is incompatible with those purposes.
> Adequate, relevant and limited to what is necessary in relation to those purposes.
> Accurate and, where necessary, kept up to date.
> Kept in a form which permits your identification for no longer than is necessary for those purposes.
> Processed in a way that ensures appropriate security of the data.
The Firm is responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.


What types of personal information do we collect about clients?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data, i.e. where all identifying particulars have been removed. There are also “special categories” of personal information, and personal information on criminal convictions and offences, which requires a higher level of protection because it is of a more sensitive nature. The special categories of personal information comprise information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and genetic and biometric data.
The Firm collects, uses and processes a range of personal information about our clients. This includes (as applicable):
> their contact details, including their name, address, telephone number and personal e-mail address
> their emergency contact details/next of kin
> their date of birth
> their gender
> their marital status and dependants
> their financial employment, marital and relationship details
> their National Insurance number
> their bank account details, tax code and tax status information
> photographs
The Firm may also in the course of acting on their behalf collect, use and process the following special categories of their personal information (as applicable):
> information about their health, including any medical condition
> information about criminal convictions and offences

We require their express informed written consent to use or process this information.


How do we collect clients’ personal information?

The Firm may collect personal information about clients in a variety of ways. It is collected either directly from them or sometimes from a third party. We may also collect personal information from other external third parties.
Their personal information may be stored in different places, including in their case files and in other IT systems, such as the e-mail system.


Why and how do we use clients’ personal information?
We will only use clients’ personal information when the law allows us to. These are known as the legal bases for processing. We will use their personal information in one or more of the following circumstances:
> where we need to do so to perform our contract with them (1)
> where we need to comply with a legal obligation (2)
> where it is necessary for our legitimate interests (or those of a third party), and their interests or their fundamental rights and freedoms do not override our interests (3).
We may also occasionally use their personal information where we need to protect their vital interests (or someone else’s vital interests).

We need all the types of personal information listed under “What types of personal information do we collect about clients?” primarily to enable us to perform our contract with them (1) and to enable us to comply with our legal obligations (2). In some cases, we may also use their personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that their interests or their fundamental rights and freedoms do not override our interests (3). Our legitimate interests include: performing or exercising our obligations or rights under the direct relationship that exists between the Firm and the client; performing effective internal administration and ensuring the smooth running of the business; ensuring the security and effective operation of our systems and network; protecting our confidential information; and conducting due diligence on clients and persons involved in the client’s case. We believe that they have a reasonable expectation as our client that we will process their personal information. We have indicated, by using (1), (2) or (3) next to each type of personal information listed above, what lawful basis we are relying on to process that particular type of personal information.

The purposes for which we are processing, or will process, the client’s personal information are to:
enable us to maintain accurate and up-to-date client records and contact details (including details of whom to contact in the event of an emergency)
> comply with statutory and/or regulatory requirements and obligations
> comply with disability discrimination obligations
> maintain an accurate record of their engagement terms
> administer the contract we have entered into with them
> ensure compliance with their statutory and contractual rights
> meet our obligations under health and safety laws
> monitor their use of our IT systems to ensure compliance with our IT-related policies
> ensure network and information security and prevent unauthorised access and modifications to systems
> ensure effective business administration, including accounting and auditing
> ensure adherence to Firm rules, policies and procedures
> monitor equal opportunities
> enable us to establish, exercise or defend possible legal claims
Please note that we may process the client’s personal information without their consent, in compliance with these rules, where this is required or permitted by law.


What if clients fail to provide personal information?
If a client fails to provide certain personal information when requested or required, we may not be able to perform the contract we have entered into with them, or we may be prevented from complying with our legal obligations. They may also be unable to exercise their statutory or contractual rights.


Why and how do we use clients’ sensitive personal information?
We will only collect and use clients’ sensitive personal information, which includes special categories of personal information and information about criminal convictions and offences, when the law additionally allows us to.
Some special categories of personal information, i.e., information about criminal convictions and offences, is also processed so that we can perform or exercise our obligations or rights under law and in line with our data protection policy.
We may also process these special categories of personal information, and information about any criminal convictions and offences, where we have their explicit written consent. In this case, we will first provide them with full details of the personal information we would like and the reason we need it, so that they can properly consider whether they wish to consent or not. It is entirely their choice whether to consent. Their consent can be withdrawn at any time.
The purposes for which we are processing, or will process, these special categories of clients’ personal information, and information about any criminal convictions and offences, are to:
> comply with statutory and/or regulatory requirements and obligations, e.g. carrying out criminal record checks
> comply with the duty to make reasonable adjustments for disabled clients and with other disability discrimination obligations
> administer the contract we have entered into with the client
> ensure compliance with their statutory and contractual rights
> meet our obligations under health and safety laws
> ensure effective business administration
> ensure adherence to Firm rules, policies and procedures
Where the Firm processes other special categories of personal information, i.e. information about their racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring and in line with our data protection policy. Personal information that the Firm uses for these purposes is either anonymised or is collected with their explicit written consent, which can be withdrawn at any time. It is entirely their choice whether to provide such personal information.
We may also occasionally use their special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.


Change of purpose
We will only use the client’s personal information for the purposes for which we collected it. If we need to use their personal information for a purpose other than that for which it was collected, we will provide them, prior to that further processing, with information about the new purpose, we will explain the legal basis which allows us to process their personal information for the new purpose and we will provide them with any relevant further information. We may also issue a new privacy notice to them.


Who has access to clients’ personal information?
Clients’ personal information may be shared internally within the Firm and IT staff if access to their personal information is necessary for the performance of their roles.
The Firm may also share their personal information with third-party service providers (and their designated agents), including:
> external IT services
> external auditors
> professional advisers, such as lawyers and accountants

The Firm may need to share their personal information with a regulator or to otherwise comply with the law.
We may share their personal information with third parties where it is necessary to administer the contract we have entered into with them, where we need to comply with a legal obligation, or where it is necessary for our legitimate interests (or those of a third party).

How does the Firm protect clients’ personal information?
The Firm has put in place measures to protect the security of clients’ personal information. It has internal policies, procedures and controls in place to try and prevent their personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to their personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities. They can obtain further information about these measures from our data protection officer.
Where their personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect the client’s personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process the client’s personal information for specified purposes and in accordance with our written instructions and we do not allow them to use the client’s personal information for their own purposes.
The Firm also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and the client of a suspected breach where we are legally required to do so.


For how long does the Firm keep clients’ personal information?
The Firm will only retain clients’ personal information for as long as is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, tax, health and safety, reporting or accounting requirements.
Once our engagement to perform services for them has come to an end, we will generally hold their personal information for six years, but this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to fifteen years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, County Court or High Court.
Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.
In some circumstances we may anonymise clients’ personal information so that it no longer permits their identification. In this case, we may retain such information for a longer period.

Clients’ rights in connection with their personal information
It is important that the personal information we hold about our clients is accurate and up to date. Please keep us informed if personal information changes, e.g. change of home address, during the client’s working relationship with the Firm so that our records can be updated. The Firm cannot be held responsible for any errors in clients’ personal information in this regard unless they have notified the Firm of the relevant change.
As a data subject, the client has a number of statutory rights. Subject to certain conditions, and in certain circumstances, they have the right to:
> request access to their personal information - this is usually known as making a data subject access request and it enables them to receive a copy of the personal information we hold about them and to check that we are lawfully processing it
> request rectification of their personal information - this enables them to have any inaccurate or incomplete personal information we hold about them corrected
> request the erasure of their personal information - this enables them to ask us to delete or remove their personal information where there is no compelling reason for its continued processing, e.g. it is no longer necessary in relation to the purpose for which it was originally collected
> restrict the processing of their personal information - this enables them to ask us to suspend the processing of their personal information, e.g. if they contest its accuracy and so want us to verify its accuracy
> object to the processing of their personal information - this enables them to ask us to stop processing their personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to their particular situation which makes them decide to object to processing on this ground
> data portability - this gives them the right to request the transfer of their personal information to another party so that they can reuse it across different services for their own purposes.
If the client wishes to exercise any of these rights, please contact our data protection officer. We may need to request specific information from them in order to verify their identity and check their right to access the personal information or to exercise any of their other rights. This is a security measure to ensure that their personal information is not disclosed to any person who has no right to receive it.
In the limited circumstances where the client has provided their consent to the processing of their personal information for a specific purpose, they have the right to withdraw their consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on their consent before its withdrawal. If they wish to withdraw their consent, please contact our data protection officer. Once we have received notification that they have withdrawn their consent, we will no longer process their personal information for the purpose they originally agreed to, unless we have another legal basis for processing.
If the client believes that the Firm has not complied with their data protection rights, they have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues.


Transferring personal information outside the European Economic Area
The Firm will not transfer clients’ personal information to countries outside the European Economic Area without their express informed written consent.


Changes to this privacy notice

The Firm reserves the right to update or amend this privacy notice at any time, including where the Firm intends to further process clients’ personal information for a purpose other than that for which the personal information was collected or where we intend to process new types of personal information. We will issue them with a new privacy notice when we make significant updates or amendments. We may also notify them about the processing of their personal information in other ways.


Contact
If you have any questions about this privacy notice or how we handle clients’ personal information, please contact our data protection officer as follows: Joanna Pellman of 1 Abbey Street, Eynsham, Witney, Oxfordshire, OX29 4TB, telephone number: 01865 884400, email

Back

 
©2019 PELLMANS SOLICITORS, 1 Abbey Street, Eynsham, Witney, Oxfordshire, OX29 4TB
Pellmans Solicitors is the name of the legal practice carried on by Pellmans LLP which is a Limited Liability Partnership registered in England and Wales under number OC373200.
It is authorised and regulated by the Solicitors Regulation Authority number 611870. The term “partner” is used to refer to a member of Pellmans LLP.