JACKSON QUINN’S PRIVACY NOTICE RELATING TO THE USE OF PERSONAL DATA
Jackson Quinn is a firm of Solicitors providing legal services as detailed on our website. We have created this Privacy Notice because we take your privacy very seriously, and we would ask that you read this carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information, and how to contact us and supervisory authorities in the event that you have a complaint.
We always treat any personal details you give us as confidential. When we use your personal data, we are regulated under the General Data Protection Regulation (GDPR). We are responsible as a “Data Controller” for your personal data, and we are required under the GDPR to notify you of the information contained in this Notice. This Privacy Notice applies to all current and former clients, those who make enquiries of us, current and former employees, workers and contractors. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
Data Protection Principles
Under the GDPR there are six data protection principles that Jackson Quinn must adhere to. These provide that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes with this clearly being explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up to date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
We must be able to demonstrate compliance with these principles.
What Is Personal Data?
Personal data relates to any living individual who can be identified from that data. It can be anything from a name, date of birth, address (including IP address), National Insurance number, sex and religion, to medical records and other information retained by us. It is any information relating to an identified or identifiable individual.
The Personal Information We Collect From You and Use
The table below sets out the personal data we will or may collect from you in the course of dealing with your enquiry and then advising and/or acting for you:
Your name, address and telephone number
Information to enable us to check and verify your identity e.g. your date of birth or passport details.
Your National Insurance number and tax details and your bank and/or building society details.
Electronic contact details e.g. your mobile telephone number and your email address
Details of your spouse/partner and dependents or other family members e.g. if you instruct us in relation to a will, a probate matter or a family matter
Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs e.g. to enable us to process an application for Legal Aid on your behalf
Your medical records or Police disclosure relating to you
Information relating to the matter in which you are seeking advice or representation
Your employment status and details including salary and benefits e.g. if you are instructing us to act on your behalf within financial proceedings arising out of a divorce
Details of your financial situation
Information to enable us to undertake financial checks on you
Your financial details as relevant to your instructions e.g. in a family matter or for example the source of funds if you are instructing us on a purchase of a property
Details of your pension arrangements e.g. if you instruct us in relation to financial arrangements following the breakdown of a relationship
We require this personal data to enable us to provide our service to you. If you do not provide the personal data we ask for, it may delay or prevent us from providing services to you.
How and Why Do We Use Your Personal Data?
Under GDPR, we can only use your personal data if we have a proper reason for doing so. Our legal basis for collecting and storing your personal data is to enable us to provide legal advice to you, and our right to retain that data is on the grounds of legitimate interest which is to establish, exercise or to defend our legal rights in the event of any claim arising in relation to the legal advice provided.
If you provide personal data about yourself when using our website or making an initial telephone enquiry, it will only be used to give an answer to your enquiry. The personal data collected will be limited to that to enable us to be able to satisfy that this is a genuine enquiry and to answer that enquiry. We will not share your personal data with any third party except where necessary to answer a query raised by you. If we need to communicate with a third party to deal with your enquiry we will request your written consent to do so. If you then go on to formally instruct us to act on your behalf, this will be governed separately by our Terms of Business. The personal data collected to enable us to respond to your enquiry will be retained on our file management system for no longer than necessary, and up to a maximum of six years prior to destruction. It will be retained for that period on the grounds that we have a legitimate interest to do so; namely to establish, exercise or defend our legal rights arising out of any advice given.
Jackson Quinn will process your personal data to enable us to act in accordance with your instructions, and so long as we are instructed by you in relation to a matter. The legal work to be undertaken by us will be detailed in our Terms of Business letter and our Client Care Notices, which detail our obligations of confidentiality, your data protection rights, and our need to share information with third parties as appropriate in representing your interest.
Where Do We Hold Your Personal Data?
Personal data will be held at our offices. Paper based data is kept at the office where the work is carried out. Deeds and wills are stored in a fire proof safe. All of our office premises are protected by externally monitored burglar alarms. Electronic client data will be stored on our computerised systems which will contain all file details, including personal data, letters, documents, emails and ledgers.
Our computerised systems are all situated within the European Economic Area (EEA). We have appropriate security measures in place to prevent personal information from being accidentally lost, used, or accessed in an unauthorised way. Our servers are installed in a Data Centre which is manned 24 hours per day 365 days of the year. The Data Centre has their own firewalls and security. We also protect our equipment and each office’s intranet behind our own Router/Firewalls that are monitored and updated on a regular basis. We have Anti-virus/spam/malware software which is also monitored and updated on a regular basis.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will only do so in an authorised manner and are subject to a duty of confidentiality.
All paper and electronic data is stored securely and also destroyed securely. We protect personal data from loss, misuse, unauthorised use and disclosure with appropriate policies and internal training and technical measures in place to protect personal data, which is underpinned by a Data Protection Policy.
Who Do We Share Your Personal Data With?
During the progress of a case, we may need to share your personal data with a third party to ensure that your legal interests are appropriately represented. By way of example, we may be required to share personal data with:
- Professional advisers who we instruct on your behalf or refer you to e.g. medical professionals, barristers, financial advisers, other experts, the Courts and the Legal Aid Agency.
- Other third parties who need to become involved to carry out your instructions e.g. process servers, mortgage providers or H M Land Registry.
- Our insurers and brokers.
- External auditors e.g. in relation to accreditations and the audit of our accounts.
- Our bank.
We will only allow third parties to handle your personal data if we are fully satisfied that they have appropriate measures in place to ensure that your personal data is protected.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
How Long Will We Keep Your Personal Data For?
We will keep your personal data after we have finished dealing with your enquiry or acting on your behalf for any of the following reasons:
- To respond to any questions, complaints or claims made by you or on your behalf.
- To show that we have treated you fairly.
- To keep records required by Law.
We will not retain your data for any longer than is necessary for the purposes set out in this notice. Jackson Quinn have different retention periods for different types of data depending upon the type of matter on which you instructed us. We notify all clients of how long their data will be retained for at the conclusion of their case and a copy of our file retention procedure can be made available on request. When it is no longer necessary to retain your personal data, we will delete or anonymise it.
Jackson Quinn will retain deeds in our deed storage system at your request, and retain them until asked to release them to you. Similarly, Jackson Quinn will retain wills in our wills storage system at your request, and retain them until asked to release them to you.
Destruction of Data
Paper waste is destroyed and carried out by a third party confidential waste company.
Employees and Former Employees
Any paper data relating to employees is retained securely. Any data in respect of employees is retained for six years from the date of the employee leaving our employment and is then securely destroyed.
Your Rights and Your Personal Data
You have the right to request a copy of your personal data by way of a Data Subject Access Request (DSAR) which in most circumstances will be provided free of charge. You also have the right to require us to correct any mistakes in your personal data. There are other statutory rights as regards your personal data governed by GDPR which include for the avoidance of any doubt, the right to erasure (“right to be forgotten”), erasure of children’s personal data, the right to restrict processing, the right to portability and the right to object to processing. Further information of each of these rights, including the circumstances in which they apply, can be found in the guidance from the UK Information Commissioners Office (ICO) on individuals rights under the General Data Protection Regulation. LINK: http://iso.org.uk/four-organisations/guide-2-d-general-data-protection-regulation-GDPR/individual-rights/
To exercise any of your statutory rights, queries or complaints about how we have processed your personal data, please contact in the first instance the Data Protection Officer, Miss Roz Evans, at 7 Grove Street, Retford, Nottinghamshire, DN22 6NN or by email to: email@example.com. Alternatively, you can telephone us on 01777 703111 and ask to speak to Miss Evans or our Practice Manager in her absence . You will need to let us know when you contact us what right you want to exercise and the information to which your request relates. You will need to provide us with enough information to enable us to identify you e.g. your full name, address, and let us have proof of identity and address (a copy of your driving licence or passport and a recent utility or credit card bill).
Breach of Your Data Rights
If you have reason to believe that you have been subject to a breach of your personal data rights, please contact our Data Protection Officer so that we can investigate this immediately.
How to Complain
We hope that we can resolve any query or concern you raise about our use of your information.
However, the General Data Protection Regulations give you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner (ICO) who may be contacted by telephone on 0303 123 1113 or via email at https://ico.org.uk/global/contact-us/email or at the ICO’s office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Changes to Privacy Information Policy