This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
For clients of this firm, you should read this notice alongside our general terms and conditions which provide further information on confidentiality, data privacy etc.
This notice does not apply to any websites that may have a link to ours.
Data is collected, processed and stored by Catherine Herries-Smith Solicitor; and we are what is known as the ‘data controller’ of the personal information you provide to us. Our Data Protection Registration is Z5663348.
Catherine Herries-Smith Solicitor is authorised and regulated by the Solicitors Regulation Authority under number 144493.
Our Data Protection Officer is Catherine Herries-Smith who can be contacted by email – firstname.lastname@example.org.
The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you.
There are two types of personal data (personal information) that you may provide to us:
In the majority of cases personal data will be restricted to basic information. However some of the work we do may require us to ask for more sensitive information.
Information about you may be obtained from a number of sources; including:
Where you have instructed us to carry out work on your behalf, we must obtain necessary personal data to do that work. You have the right to refuse to provide that data, if you do so we may not be able to proceed with the transaction.
Under Data Protection Legislation we may collect personal data:
The following are some examples, although not exhaustive, of what we may use your information for:
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within the practice. However there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:
In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.
We adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information.
We use computer safeguards such as firewalls and data encryption; and we enforce, where possible, physical access controls to our files to keep data safe.
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
Under GDPR, you are entitled to access your personal data (otherwise known as a ‘right to access’). If you wish to make a request, please do so in writing addressed to our Data Protection Officer, Catherine Herries-Smith.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc.- but it does not mean you are entitled to the documents that contain this data.
Under certain circumstances, in addition to the entitlement to ‘access your data’, you have the following rights:
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Catherine Herries-Smith and you can contact them at email@example.com
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Any questions regarding this notice and our privacy practices should be sent by email to Catherine Herries-Smith at firstname.lastname@example.org.
Address:Catherine Herries-Smith SolicitorJubilee House, Globe Park, Third Ave, Marlow SL7 1EY