The GDPR is important European regulations which will introduce amendments to data protection law including introducing additional rights for individuals in relation to their personal and sensitive personal data. GDRP applies to all EU Member States from 25 May 2018.
SBG Solicitors is committed to protecting and keeping confidential all the information you provide to us and we supply to you.
The company collects uses and is responsible for certain personal information about you, your firm and the clients it represents on your behalf. When it does so it is also regulated under the GDPR by the Information Commissioner and is responsible as “controller” of that personal information. The Data Protection Officer for the company is Sudesh Bopitiya.
The personal information we process, use and share
In the course of your legal transaction, we collect and or supply on your behalf personal information including the following categories:
a) general personal data (which includes normal personal data, personal identity, email address, and personal financial data); and b) special categories of personal data if these have been voluntarily provided to us (which includes ethnicity, nationality, and medical history).
How we use your personal information
We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions. We process your data to help advance your legal rights and interest, keeping a record of what happens when you are interviewed at the Police Station, attend a Court or any other significant meeting/conference, etc… and advise you regarding such events accordingly.
We also your personal information for related purposes including identity verification, administration of files, updating existing records if you have instructed the firm previously, analysis to help improve the management of the company, for the legal and regulatory compliance. The information will be held in hard copy and/or electronic format.
You are responsible for ensuring the accuracy of all the personal data you supply to us, and we will not be held liable for any errors unless you have advised us previously of any changes in your personal data.
We only take instructions from you and/or any authorised person/s.
If we are working on your matter in conjunction with other professionals who are advising you, including experts, barristers, social workers, etc… we will assume, unless you notify us otherwise, that we may share and disclose relevant personal data and information about your matter to them, if we feel it is appropriate and necessary.
All IT providers we use are subject to strict confidentiality agreements with this firm and we will ensure that they meet GDPR obligations in relation to the service they provide to us. All of the personal information you provide to us is kept in the UK; we will not transfer any of your personal data to another country outside the UK unless you specifically instruct us to do so.
There may be occasions when we are under a legal duty to share personal information with law enforcement or other authorities, including the Solicitors Regulation Authority, Legal Aid Agency or the Information Commissioner. If we are required to disclose information to the National Crime Agency, we may not able to tell you that a disclosure has been made. We may have to stop working for you for a period of time and may not be able to tell you why. We cannot be held liable for any loss you suffer due to delay or our failure to provide information in these circumstances.
Occasionally some of our client files may be audited strictly confidentially by external auditors or examiners to ensure we meet our legal, quality and financial management standards. Unless you tell us otherwise, we will assume you have no objection. You may object at any time and refusing your consent will not affect our work for you. We will not submit files for external audit or disclose personal information to directories where there is particularly sensitive material.
We will not share your personal information with any other third party and will not issue any publicity material or information to the media about our relationship and the work we are doing for your without your explicit consent.
How long your personal data will be kept
We will keep your file of papers (except for any of your papers that you asked to be returned to you) for no more than six years, save where specifically required by the court or otherwise to keep them for longer. We keep the file on the understanding that we have your authority, without further reference to you, to destroy all papers six years after the date of the final letter we send you for the matter. We will not destroy documents you ask us to deposit in safe custody.
In order to meet our regulatory requirements, we may be required to retain basic information about you to include your name, address and date of birth on our electronic database for a longer period.
Reasons we can collect and use your personal information
We intend to rely on the following lawful bases to collect and use your personal or sensitive personal data:
a) Your consent b) Contractual obligations c) Legal obligations d) Public task e) Legitimate interest
Under GDPR you have a number of important rights, free of charge including the following: 1. The right to be informed 2. The right to access 3. The right to rectification 4. The right to erase 5. The right to restrict processing 6. The right to data portability 7. The right to object 8. Rights in relation to automated decision making and profiling
We are obliged to provide you access to your personal data upon request without delay and at the latest within one month of receipt of such request free of charge unless your request is manifestly unfounded or excessive or repetitive. The above time limit may extend for another two months where your request is complex or numerous. If this is the case, we would inform you of such an extension of time within one month from your request explaining why the extension is necessary. Further information about these rights can be found on the Information Commissioner’s Website: www.ico.org.uk/for-the-public/
If you wish to exercise any of these rights, please: • Email, call or write to our Data Protection Officer – Mr. Sudesh Bopitiya • Let us have enough information to identify you • Let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill), and • Let us know the information to which you request relates, including any account or reference numbers. If you have them.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your personal information.
The GDPR also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk/concerns/ or telephone 03031231113.