This policy sets out the basis on which any personal data you provide to us or that we collect from you, will be processed.
Purpose of Policy
Processing personal data is fundamental to the work carried out by the firm. Boyletts Law Limited takes the protection of your personal information very seriously and the firm has controls in place to ensure that the information you entrust to us will be held securely and processed in accordance with the General Data Protection Regulation (GDPR).
Boyletts Law processes personal data of a number of different categories of individuals and the firm is the Data Controller in these circumstances. The firm’s full contact details can be found at the foot of this policy.
The ‘Data Subject’ referred to in this policy is the individual whose personal information we hold and could relate to clients, employees or suppliers of the firm or other identifiable individuals.
This policy sets out the information you need to know in order to understand how the firm will process and protect your information. The information contained in this policy is provided to individuals whose data the firm processes and who will be referred to as ‘you’ or ‘your’ in this policy, to comply with our obligations under Articles 13 and 14 of the GDPR.
Why does the firm need your information?
Your personal information is required to allow the firm to offer its services to you and to comply with our legal duties. Personal information may be collected and processed for the following reasons:
- providing legal services;
- professional indemnity insurance;
- managing security and other risks in the business;
- statutory and regulatory returns and compliance;
- analysis and reporting to assist us in managing the firm;
- for other business-related purposes such as updating and enhancing client records.
Personal information may be disclosed to our service providers, agents or other trusted third parties for the above reasons.
What information do we obtain?
The firm will only collect relevant and necessary information to allow us to provide our service to you or discharge our legal responsibilities. The information we will collect will include:
- personal information such as your name, address, email and telephone number;
- information in relation to your particular circumstances in order to deal with the matter you have instructed us to deal with;
- financial information such as bank details and wealth management information as well as bank statements and other evidence of source of funds and wealth to comply with Anti-Money Laundering Regulations.
- medical conditions to assist with the transaction which we are undertaking on your behalf in order that the service may be tailored to your needs and in the event of an emergency, we may pass this information to the emergency services.
This is not an exhaustive list and other relevant information may be captured by the firm as part of the transaction or the relationship we have with you.
The firm collects information via face to face meetings, via its website, through ID verification to include electronic ID verification and through other documentation and forms relating to the service being provided. The firm’s website address can be found at the foot of this policy.
Legal basis for processing your data
The firm is required to clearly document our legal basis for processing your data in accordance with the rules set out in the GDPR. The basis given are contained in Article 6 of the GDPR and at least one of them must apply in order to process data. The key ones that apply to the firm in the course of its business are:
- Article 6(a) Consent: the individual has given clear consent for the firm to process their personal data for a specific purpose. We obtain consent for marketing purposes or where we need to store special category data.
- Article 6(b) Contract: it is necessary to process your data in order to deliver our service/ ‘contract’ to you.
- Article 6(c)Legal Obligation: it is necessary to process your data to comply with the law (not including contractual obligations) and therefore it is a legal obligation of the firm.
- Article 6(d) Vital Interests: this basis applies in a ‘life or death’ situation when the processing is necessary to protect someone’s life.
- Article 6(f) Legitimate Interests: it is necessary to process your data for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides the legitimate interests. We would consider that we have a legitimate interest in processing your data to provide our services detailed in the contract between us.
How do we process your information?
The firm will only use your personal information for the purpose for which it was given. The firm will not keep it for longer than is necessary and will destroy the information securely using formal procedures.
In order to process your personal data obtained on the website and via financial transactions we use trusted and authorised secure third-party websites. Personal or sensitive information is not held or shared by third parties including any outside of the UK.
Who do we share your information with?
We may be required to share your information with trusted third parties such as experts, barristers or other legal counsel. This will only be done to fulfil the contract for which we are providing services to you.
We may also need to share your information with our bank, insurers, our regulatory body, CILEx Regulation, the Information Commissioners Office or the National Crime Agency to comply with Anti-Money Laundering Regulations and regulatory obligations.
We will never share or sell your personal information to any other third party. We will only share your personal information with another third party where we are required to so by court order or by law.
In the event the firm is the subject of a merger or takeover then your personal information will be passed to the new entity, but it will only be authorised to be used for the same or similar purposes you gave it for. Similarly, if the name of the firm changes you will be informed of the change and given the opportunity to withdraw consent.
Reporting a breach of personal data
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
If a personal data breach is experienced, we will consider whether this poses a risk to you. We consider the likelihood and severity of the risk to people’s rights and freedoms, following the breach. Once we have made this assessment, if it is likely there will be a risk then we will notify the Information Commissioners Office. In the event the risk is unlikely we do not have to report the breach.
How long do we hold your information for?
In accordance with data protection requirements we will only keep your personal data for as long as is necessary in accordance with our business and regulatory needs. For further information please contact the Director of the firm, Kim Boylett.
Where do we store your information?
Your personal information will be hosted securely in the UK. If we transfer your information to a data process, for example, an email broadcast company to assist us in keeping you up to date with announcements, news and information and they are located outside of the EEA, we shall take all reasonable steps to ensure that your information is protected as if we hosted it ourselves. No information is transferred or backed up outside of the UK.
We may wish to keep you informed of our activities, events and relevant sector updates, but will only do so with your express permission.
The firm may use Google Analytics to analyse the use of our website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ devices. The information generated relating to our website is used to create reports about the use of our website. Details captured during your visit will include, but will not be limited to traffic data, location data, weblogs and other communication data and resources your access, however all data collected is anonymous and will not identify you as an individual.
We do not actively market to children and we never knowingly ask a child to reveal personal information. Personal information on minors is sometimes required to allow us to offer specific services relevant to the matter for which we are providing advice. However, information will always be obtained from, and permission requested from a parent or guardian or other appropriate adult.
Employees and Job Applicants
We will collect all personal information required to comply with employment legislation and if relevant, to make reasonable adjustments at the recruitment stage. This information may include where necessary sensitive “special category” data. This may include medical information and where appropriate we will perform a criminal record search. To prevent discrimination, and ensure diversity we will request information from the Data Subject on religion, sexuality and ethnicity in order to comply with our regulatory requirements.
Your rights as the data subject
You have certain rights under existing data protection law, and these are listed below:
- You have the right to have a copy of the information which we hold on you. Unless there is a legitimate reason why you cannot make the application in writing, your request should be addressed in writing by letter or email, to the Data Protection Officer shown below. The contact is Kim Boylett who is the Director of the firm.
- You have a right to object to processing that is likely to cause or is causing you damage or distress.
- You have a right to prevent processing for direct marketing. To do so you should simply email or call us as described above and we will stop sending marketing materials to you.
- You have a right to object to decisions being taken by automated means. This firm does, however, carry out electronic verification checks against individual clients and where the firm is unable to satisfactorily verify clients’ identity in accordance with its Anti Money Laundering Policy and Procedures the firm will be forced to cease acting for you.
- You have the right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete.
- You have the right to restrict the use of your information. This means you have the right to stop us from using your personal information or limit the way in which we can use it;
- You have the right to erasure/ the ‘right to be forgotten’. This is where the processing of your information is based on your consent, the right to withdraw that consent and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we do not rely on your consent to carry out the processing or if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim).
- You have the right to data portability. You have the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible.
- You have a right to claim compensation for damages caused by a breach of the Data Protection Act.
Boyletts Law Limited is not required to give you information in certain circumstances where personal data we process is collected and processed by us in the context of our work advising and representing our client. Article 14 of the GDPR states that it is not necessary to supply information about the data we process where that information has not been received from the individual concerned and “where the personal data concerned must remain confidential subject to an obligation of professional secrecy regulated by English law”.
In addition, we are exempt from providing information about disclosures of personal data to us or by us where the disclosure is:
- required by an enactment, a rule of law, or an order of a court
- necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings)
- necessary for the purpose of obtaining legal advice or otherwise establishing, exercising or defending legal rights
- processing of personal data that consists of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings.
Other exemptions will relate to the matters on which we are asked to advise our clients.
The firm will provide training to all personnel about their data protection responsibilities as part of the induction process and at regular intervals thereafter.
Personnel whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests under this policy will receive additional training to help them understand their duties and how to comply with them.
Annual Internal Audit
The firm will undertake an annual internal audit of all data that we hold and how it is being used. A record will be kept having checked our data bases and that the necessary consent and our legal obligations remain in place for the holding of such data and the purposes that the data is being retained.
The Director of the firm will be responsible for ensuring this audit takes place and the date for each annual audit will be inserted into the Director’s paper and electronic diaries to ensure compliance.
Data Protection Officer Contact details
Data Protection Officer
Contact Kim Boylett
Address: G22 ALLEN HOUSE, ALLEN HOUSE BUSINESS CENTRE, THE MALTINGS, STATION ROAD, HERTS, CM21 9JX.
Email: [email protected]
Information Commissioners Office registration details
Boyletts Law ICO Registration Number ZA779637.
If you are unhappy with how we have processed your personal information, please firstly contact the Data Protection Officer listed above. If you are still unhappy you may contact the following:
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 1625 545 745
Boyletts Law Limited
If you would like to arrange an appointment please contact our friendly team today on 01279 295047
or by completing our online enquiry form.