This document sets out our policy and practices on use and protection of any information that you give Williamsons when you use our services.
We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this statement of policy.
Please read the information in this policy carefully to ensure you understand our views on your personal data and how we deal with it. Williamsons may make minor changes to this policy from time to time in which case we will update this page. You may want to check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25 May 2018.
What we collect
Personal data collected, used, stored and transferred by us may include:-
- Identity data which includes your full name, any former name, gender, date of birth, marital status National Insurance number and job title;
- Contact information including your home address, email address, fax numbers and telephone numbers;
- Financial data including bank statements and your bank account details;
- Details provided in our client satisfaction questionnaire or other forms of feedback;
- Details if you make a complaint;
- Special category data – including specifically medical records;
- Technical data including internet protocol (IP) address, browser type, operating system and platform and other technology on devices used to access our website;
- Demographic information such as postcode, preferences and interests;
- Other information relevant to customer surveys and/or offers.
If you contact us we may keep a copy of any correspondence.
What we do with it
We collect this information for compliance with regulatory and professional standards and where we are entering into a contract with you or where it is necessary for our legitimate interests and your fundamental rights do not over ride those interests. It also helps us understand your needs and the services you might require and to optimise our own performance and service delivery. Specific activities include:-
- Improvement of our services;
- Providing you with information in particular of new services, special offers or other information which we think you may find interesting, primarily in a newsletter. If you were an existing client at 25 May 2018 you have the opportunity to unsubscribe at any time. If you become a client after 25 May 2018 you will have been invited to consent to being contacted for this purpose;
- Market research, making use of information obtained to customise and adapt the website and our services according to your feedback;
- Contact with you by e-mail, fax, telephone or mail for some or all of these purposes.
We do not use your personal data for any reasons other than those of which you are aware. We do not collect extra information about visitors to our website.
How, when and why we collect, use and allow access to your personal data
Type of data
Lawful basis for processing
When you first contact us to ask if we can assist you with our service
Confirmed instruction and to register you as a new client
To comply with a legal obligation.
Necessary for our legitimate interest and legal obligations (to ensure we meet our regulators’ requirements)
To manage the service we provide to you
Marketing and communications
Performance of a contract with you.
Necessary for our legitimate interests.
Necessary to comply with a legal obligation under the GDPR.
Allowing IT suppliers to administer and protect our business and website
Necessary for our legitimate interests (to provide a safe and efficient service).
To distribute newsletters
Marketing and communications
Necessary for our legitimate interests (to deal with our suppliers and to run our business).
How long will we retain your data
We will only retain your personal data for as long as necessary to complete the purpose for which we collected it and to satisfy any legal, accounting or reporting requirements.
To determine the retention period for holding personal data we consider applicable legal requirements and guidance set out by our regulators.
We will usually keep matter files for a minimum period of 6 years. There are occasions where the minimum retention period will be longer. For example probate files will be kept for a minimum of 15 years and after this time the detail of the file will be reviewed and if required the matter may be kept for a longer period of time. Cases involving property work will be retained for a minimum of 15 years. Will files may be kept indefinitely because of the very long periods of time that may elapse before a challenge and enquiry into the advice we gave and action we took at the time.
Under the terms of section 40 of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 we have to retain records and information obtained to complete our due diligence checks for five years after the end of our business relationship.
If you write or email us with your curriculum vitae or complete an application form for recruitment this information will not be passed to anyone else without your consent. We will hold the information you have given us for two years after which time the data will be deleted.
We may anonymise your personal data when collating statistics for research purposes and this information will remain indefinitely without further reference to yourselves.
A full copy of the firm’s data retention policy can be obtained from the Data Protection Manager, Hayley White, by emailing her at firstname.lastname@example.org or by writing to us at 2 Church Street, Crewkerne, Somerset, TA18 7HR.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have in place physical, electronic and managerial systems to safeguard and secure the information we collect from you. We will not disclose your personal data to other organisations unless it is required in the course of your transaction, when providing our services or if you have consented to its release. Examples of when we may need to share your information include sharing with professional advisers, for example barristers or experts that we instruct or those representing the other side in the transaction.
We may share information with our regulators when they complete their assessments for quality control and also with our auditors and insurers.
We outsource some of our computer systems to specialist providers. We have entered into contracts for their services which protect the information that they hold and process on our behalf.
A cookie is a small file sent to your computer's hard drive to help analyse web traffic or let you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website to better meet our clients’ needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Follow the link here if you want more information about Google Analytics.
You can accept or decline cookies. Most web browsers accept them by default, but you can usually modify your browser setting to decline cookies if you prefer but this may prevent you from taking full advantage of the website functionality.
Links to other websites
Our website may contain links to other websites of potential interest to our clients and visitors. You should note that once you have used any such links to leave our site, we no longer have any control over the data passing between you and the third party.
Consequently, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites which are not governed by our privacy statement. If in doubt, you should exercise caution and read the privacy statement relating to the third party website.
Sharing of personal data outside of the European Economic Area
Some of our external suppliers are based outside the European Economic Area (EEA) so their processing of your data will involve a transfer of data outside the EEA. The suppliers we use based in the US are participants in the Privacy Shield program which requires them to provide protection of personal data in a similar way to European regulations.
We have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We limit access to your data to only those employees or consultants appointed by the firm to handle your transaction/case and suppliers who have a business need to know.
Be alert to the fact that information passed over the internet is not secure and we do not give visitors to our site the option of using a secure transmission method to send us their personal data. We have put in place procedures to deal with any suspected personal data breach and will notify you and relevant regulators where we are legally required to do so.
Controlling your data
You may choose to restrict the collection or use of your personal information.
If you have previously agreed to use of your personal data for direct marketing purposes, you may change your mind at any time by writing to us. You can e-mail or fax us. Our newsletter gives you the option to unsubscribe.
We will not sell, distribute or lease your personal information to third parties unless we have your consent or are required by law to do so.
Right of access - subject access requests (SARs)
You may request details of personal information which we hold about you under the European General Data Protection Regulation.
Right for mistakes to be corrected
If you believe that any information we hold about you is incorrect or incomplete, please contact us as soon as possible. We will promptly correct any material errors.
Right to be forgotten
You can request that the personal data we hold is removed from our system. This enables you to ask us to delete personal data where there is no good reason for us to continue processing it.
You can also ask us to remove the personal data where you have successfully objected to the processing, where we have processed your personal information unlawfully.
We may not be able to delete the data for specific legal reasons which will be explained to you, if appropriate, when we respond to the request.
Right for processing to be suspended
Processing of your personal data can or will be suspended:
- by us, where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- where we no longer need the personal data for the purposes of processing, but you require us to hold the data as you need to establish, exercise or defend legal claims;
- where you have objected to our processing of your data and a decision is awaited as to whether the data is held by us on legitimate grounds
- where processing is found to be unlawful but you oppose the erasure of the personal data until the matter is rectified
Right for third parties to be advised
We shall communicate any amendment or erasure of personal data or restriction of processing carried out in accordance with the rights above to each third party to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those third parties if you request it.
Right to data portability
You have the right to request the transfer of your data to you or to a third party. We will provide to you or the third party you have chosen, your personal data in a structured, commonly used and machine-readable format. This right only applies to automated information which you consented for us to use or information provided to perform a contract with you.
Right to object
You can object to the processing of your personal data unless we can demonstrate compelling legitimate grounds for the processing which will override your rights and freedoms. You also have the right to object at any time to any direct marketing. Where your personal data is processed for scientific, historical research or statistical purposes you have the right to object to its processing, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Right to object to automated decision making
You have the right not to be subject to a decision based solely on automated processing, which includes profiling, which produces legal effects concerning you or similarly significantly affects you. This right will not apply where the decision is necessary for entering into, or performance of, a contract between you and us, our regulator authorises or is based upon your specific consent.
If you have any queries or complaints relating to how we use your data please contact our Data Protection Manager, Hayley White, by emailing her at email@example.com or by writing to us at 2 Church Street, Crewkerne, Somerset, TA18 7HR. Any request will be dealt with as quickly as possible and a reply will be provided within one month of the request.
MRW Law Ltd is a registered data controller, licensed by the Information Commissioner’s Office under number Z2951226. For further information visit the Information Commissioner’s Office website.