GDPR Assesment & Policy

GDPR ASSESSMENT

  1. What data do we hold
  2. Personal Information
  3. Financial Information
  4. Personal/financial documents
  5. How are they held
  6. On computer database
  7. In hard copy
  8. Who has access?
  9. Fee earners – subject to professional obligations
  10. Ancillary staff – subject to contractual obligations

Risks

  1. Theft of Information prevented by
  2. Software suppliers, Redtree, ensure protection software to date;
  3. Fee earners and staff ensure that passwords are upgraded to provide maximum security.
  4. Loss of Information
  5. Prevented by continuing awareness and training of all staff;
  6. The policy that no hard copy files or documents are removed from the office without authority of a Director
  7. Accidental Sharing/Disclosure of Data prevented by
  8. Emails bear confidentiality notice
  9. Confidential documents are generally issued via post and are sent on a “Signed For” basis
  10. Staff and Directors awareness and care

GDPR POLICY STATEMENT

Atkinsons Solicitors Limited collects and retains personal information about you and this statement is made to comply with requirements of the General Data Protection Regulation and is intended to inform you:-

  • How we collect information;
  • What information we collect;
  • Why we collect information;
  • How we use your information and the Legal basis for doing so;
  • How long we keep your information;
  • Our policy is to protect your personal information;
  • Your GDPR rights; and changes to our GDPR policies
  1. How we collect your personal information and process your personal information from emails you send to us via our website or to our solicitors and ancillary staff;

From completion of client information forms, questionnaires and court forms completed by you or us on your behalf.  Your personal information may be collected from you by your provision of same through our website, by email, telephone or written correspondence or at meeting with our fee earners or ancillary staff.

  • What information do we collect
    • Personal data

This is information relating to you as a natural person including identity data (names, date of birth, gender, marital status); financial data (such as bank account, investment product details); contact data (includes your correspondence address, email address, telephone numbers); transaction data (details of invoices submitted and payments received of you)

  • Special category data

This includes details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

We will only collect special category personal data that is relevant to the work that we are undertaking for you and such information will be provided by you.

  • Information re Children

You may provide information about your child(ren) we will only ask you to provide such personal information in relation to your child(ren) as necessary to enable us to discharge our obligations under the contract with you

Your child(ren) are able to exercise rights under GDPR as long as they are competent to do so.  If they are not competent you may exercise their data protection rights on their behalf

  • Why we collect personal data

We collect personal data in order to provide you with legal services in accordance with your instruction and retainer and, as necessary to comply with lawful or professional regulatory obligations.

  • How we use your information and the legal basis for such use

Typically, we use your information in undertaking work in accordance with your retainer.  The legal basis for using such information is the contract that exists between you and us.

We may also use your information as necessary for our legitimate interests e.g. in processing payments and pursuing non-payment of our fees and disbursements

We may also use your personal information in order to comply with law or our professional or regulatory obligations

Briefly we use your personal information to enable us to represent you whilst complying with our legal and regulatory obligations

We will only disclose your personal information as required by our retainer and the law.  This includes disclosure to third parties as counsel and experts retained to assist or advise you in your matter and other third parties who need to know who are equally subject to a duty of confidentiality.  Similarly, we would disclose your information where it is required e.g. to court, to statutory bodies such as HMRC in accordance with our retainer would you and our legal regulatory obligations

We do not use your personal information for marketing purposes

  • How long do we keep your information

We keep your information throughout the period of our retainer and following the ending of our retainer for a period of six years

  • Our policies to protect your personal information

Your personal information may be stored within hard copy documents upon your file(s) or within our computer database and backup storage database.

Our software providers ensure that our computer systems are protected from malicious or unauthorised access

Fee earners are bound by professional obligations to keep your personal information confidential and secure and other employees are contractually bound to protect your personal information to how it is stored and who can have access to your personal information and are bound to keep it confidential

Particularly, hard copy files and documents saved as necessary (e.g in attendance at court) cannot be removed the office without authority of a director

Where we share information with a third parties for reasons set out above we take reasonable steps to ensure that your information is kept confidential

We have systems to disclose if there has been a data protection breach and will inform you and the appropriate regulator of a breach where we are legally obliged to do so

  • Your GDPR rights

Depend on the personal information held by us and the circumstances in which and purposes for which it is held you have rights as follows

  • The right to access your personal data

This is the right to obtain a copy of the information we hold about you

  • The right to object or restrict processing of your personal data

If you are concerned about how we are using your information and object to this you can request that we stop processing your data and unless there is legitimate reason to the contrary we will comply with this request, however, your request might affect our ability to discharge our obligations under the retainer between us. We will explain the basis of our decision in any event

  • Right to rectify your information

If you believe that any personal information we hold is inaccurate or incomplete you can request that this is rectified

  • Erasure of your personal information you may request that your personal information is deleted if it has been unlawfully processed

When it should be deleted in order to comply with legal obligation; or where it is no longer necessary to retain that information for the purpose for which it was collected.

We will comply with such requests unless there is sufficient legitimate reason, legal or regulatory reason why the information should be retained and we would advise you of our decision in any event

  • Right to transfer of your personal data

You may request that all your personal information is transferred e.g. to a new solicitors.  Subject to legal and professional obligations and to our legitimate interests (e.g. in exercising lean over your files until payment of fees) we will comply with such requests.

  • Your right to complain

If you have a complaint in relation to data protection issues we will resolve this with you but if we are unable to do so you may complain to the Information Commissioners Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone number 0303 123 1113 or via their website which is https://ico.org.uk/make-a-complaint/

  • Changes to our GDPR Policies

Our GDPR policies on a regular basis and in the event of change notice will be posted on our website

If you have a query about our policies or wish to raise a concern on this statement you should contact either of our directors

  • David Alan Trott alan@atkinsonslaw.com or
  • by post to Atkinsons Solicitors, Transport House, 1 Cardiff Road, Newport, South Wales, NP19 9DX or by telephone (01633) 251118

   Updated May 2018