1. Who we are and why we hold personal data
Tassells is a firm of solicitors. In the course of our work we obtain and keep personal data relating to our clients and third parties. Data relating to third parties is obtained and kept for example when we are acting in the administration of an estate or a trust, or in property transactions or where we are asked to confirm someone’s identity.
2. Why are we sending you this notice?
This notice explains how and why your personal data will be used and how long it will usually be kept, and it provides certain information which must be provided under the General Data Protection Regulation ((EU) 2016/679).
The General Data Protection Regulation was introduced to ensure that personal data, namely any data that identifies a living individual, that is processed (including obtained, recorded or held) by persons or companies is accurate, confidential and secure and used in a fair and legitimate manner. GDPR applies to both electronic (including emails) and manual (including hard-copy) data.
Penalties for breaching GDPR can be serious and can apply to both the practice and individuals. Tassells’ Confidentiality Policy should be read in conjunction with this policy.
3. Data Protection Principles
GDPR prescribes eight data protection principles, summarised as follows.
- Personal data must be processed fairly and lawfully.
- Information must only be used for the purpose for which it was originally collected unless express agreement has been received from the subject that it can be used for other purposes .
- Excessive or irrelevant data must not be stored or processed.
- The information must be accurate and, where necessary, kept up to date.
- Data must only be kept as long as necessary.
- Personal data must be processed in line with the rights of the data subject.
- Data must be kept secure at all times.
- Data must not be transferred outside the European Economic Area (EEA) without the data subject’s permission unless that country has an adequate level of protection for the rights and freedoms of the individual in relation to the processing of personal data.
We need to collect and use certain types of information about people with whom we deal in order to conduct our business. These people include current, past and prospective employees, third parties, suppliers, clients, opponents, and others that are communicated with.
5. Sharing Data
- We will only share your data for the purposes of carrying out our instructions.
- We require third party service providers to take appropriate security measures to protect your personal data. They are only permitted to use it for specific purposes connected with our instructions and not for their own purposes.
6. How long will we keep your personal data
We have to keep all the information relating to our work for as long as there may be legal challenges to the way in which it was carried out. After that period we will securely destroy the data in accordance with statutory requirements.
7. Security of Data
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way.
- We limit access to your personal data to those agents and third parties who need it to assist in the carrying out of our instructions. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
- We have in place procedures to deal with any suspected data security breach and we will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
8. Your Rights
You have the following rights;
- Request Access
This is commonly known as a “data subject access request”. It allows you to obtain a copy of personal data we are holding about you.
- Request Rectification
You can require inaccurate personal data to be corrected and any incomplete personal data to be completed.
- Request Erasure
You can require us to delete and remove personal data
- which are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or
- where the processing is unlawful; or
- where you are exercising your right to object (see below).
- Request Restriction
You can require us to stop processing for a period
- while we verify the accuracy of personal data which you contest, or
- where the processing is unlawful, or
- where we no longer need the personal data for the purposes of carrying out our instructions that you required the data for the establishment, exercise or defence of legal claims.
- Data Portability
You have the right to receive personal data you have given us in a structured, commonly used and machine readable format. You also have the right to request that we transmit this data to another organisation.
Your right to data portability only applies when:
- we are using your data with your consent or in order to keep our part of our contract with you;
- we are processing your data by automated means (ie excluding paper files); and
- it is your personal data that you have provided to us.
- Rights to Object
You have a right to object to the storage and use of your personal data in two circumstances:
- If we base the reason for holding your personal data on the ground that it is necessary for our legitimate interest or those of a third party, and there is something relating to your particular situation, which makes you want to object; or
- If we are using your personal data for direct marketing purposes.
- Right to Complain
You have a right to complain to the Information Commissioners Office, the UK supervisory authority for data protection issues (www.ico.org.uk)
If you want to review, verify, correct or request the erasure of your personal information, or object to the processing of your personal data, please contact the Data Protection Manager at our office:
20 West Street
Kent ME13 7JF