enquiries@as-solicitors.com
020 8318 4345
Make an enquiry
Menu

Data Protection Policy

Privacy Notice

This notice tells you what to expect when we collect information about individuals.

We are responsible as a ‘controller’ of personal data for the purposes of the UK GDPR.

This notice describes:

• The personal information that we collect
• How we obtain personal information
• How we use personal information
• The basis upon which we use personal information
• How long we keep personal information
• Who we share personal information with
• Which countries we transfer personal information to
• How we protect personal information
• The legal rights of individuals whose personal information we process

The personal information that we collect:

  1. Personal information (personal data) means any information relating to an identified or identifiable natural person.
  2. What we collect is very varied and includes:

• Identity and contact data – including name, date of birth, email address, postal address, telephone numbers, passport details and information provided or collected as part of our client take on or employee recruitment processes and as a result of individuals’ interactions with us in the course of our business
• Financial and transaction data – including bank account details, payment card details and details of payments from and to individuals
• Information used to provide our services – including information provided to us by or on behalf of our clients or otherwise provided to us or generated by us in the course of providing services to our clients

How we obtain personal information:

  1. We obtain personal information in different ways, including through:

• Direct contact – individuals may give us their personal information by corresponding with us by post, email or telephone or otherwise.
• Clients – our clients may give us personal information of individuals (for example a client’s employees) to enable us to provide our services
• Third parties or publicly available sources – we may receive personal information of individuals from third parties (for example disclosure by the police or CPS in connection with a prosecution) in connection with the provision of services by us to our clients or from business contact databases or enrichment services. We may also receive information from publicly available sources such as Companies House and HM Land Registry

How we use personal information:

  1. We use personal information in a variety of ways including:
    • To provide our services to our clients
    • To promote our services and to manage our relationships with clients, prospective clients and business contacts
    • To meet our legal and regulatory obligations
    • To meet our audit and insurance obligations

The basis upon which we use personal information:

  1. We will only use personal information (including special category data and data relating to criminal convictions and offences) when the law allows us to. Most commonly, we will use personal data in the following circumstances:

• Where we have supplied you (or continue to supply you) with any legal services, where we have arranged for the supply of another firm’s services to you, or where you are in discussions with us about a particular matter on which you are considering taking advice.

• Where it is necessary to comply with any legal or regulatory obligation.

• When we use special category data and data relating to criminal convictions and offences it will normally be when this is necessary for the establishment, exercise or defence of legal claims or where we need to do so as an employer

How long we keep personal information:

  1. We will keep personal information in accordance with our data retention practices.

Who we share personal information with

  1. We may share personal information with third parties including:

• In the course of providing services to our clients – for example when instructing a medical expert to produce a report or counsel to provide advice

• Our professional advisers – for example our auditors, bankers and insurers

• To regulatory authorities, courts, tribunals and law enforcement agencies – for example our regulator the Solicitors Regulatory Authority

  1. Third parties to whom we transfer personal information are required to respect the security of the information and treat it in accordance with the law. We do not sell personal data to third parties.

Which countries we transfer personal information to:

  1. In the course of providing services to our clients we may need to transfer personal information outside outside the UK.
  2. If we are to do so then we put in place one of the ‘appropriate safeguards’ referred to in the UK GDPR.

How we protect personal information:

  1. We limit access to your data to those who have a genuine business need to access it.
  2. We will notify you and any applicable regulator of a suspected security breach where are legally required to do so.

The legal rights of individuals whose personal information we process

  1. Individuals have the rights set out below. If you wish to exercise any of these rights please contact our Data Protection Officer using the contact details given above.

• Request access to their personal information (commonly known as a “data subject access request”). This enables individuals to receive a copy of the personal data we hold about them and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about them. This enables individuals to have any incomplete or inaccurate information we hold, though we will need to verify the accuracy of the new information provided to us.
• Request erasure of their personal information. This enables individuals to ask us to delete or remove personal information where there is no good reason for us continuing to process it.
• Withdraw consent at any time where we are relying on consent to process the personal information. However, this will not affect the lawfulness of any processing carried out before consent is withdrawn.

Complaints

  1. Individuals have a right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.co.uk). We would, however, appreciate the chance to deal with any concerns before the ICO is approached so please contact our Data Protection Officer, using the contact details given above, in the first instance.

Dated 23 July 2024