I am committed to protecting your privacy and security. This privacy notice explains how and why I use your personal information, when I may reveal it to others and how I keep it secure.
1. Who I am
Graham Gover Limited, is a firm of solicitors trading under the name Graham Gover Solicitor.
I am registered with the Information Commissioner’s Office, which is the UK regulator for data protection.
2. Information I collect, how I use it, and how long I keep it for
I will only collect information about you if I have a lawful reason to do so. Lawful reasons include performing my contract (where you are my client), where I have a ‘legitimate interest’ (for example, if you are referred to in a matter on which I am advising), and where you have given your permission for me to use your personal information in a particular way (for example, marketing or training updates).
I may collect personal information about you for the following reasons.
2.1 Providing legal services
I use information about you to provide legal services to my client (this, of course, may also be you). You may have given me this information or it may have been provided by someone else as part of their involvement in the matter.
The information that I hold and process about you will depend on the type of matter I am dealing with. It might simply be your name, address and email address, or may include other personal information such as your date of birth.
I may also have to ask for information about your personal and financial circumstances to assess your ability to pay amounts due which I am instructed to collect or unpaid bills owed to me. This may be necessary to meet my responsibilities under court rules, other regulations and legislation and best-practice guidance issued by industry or professional organisations or to follow my clients’ policies or processes.
If I have not returned original papers I normally keep them for seven years after I have finished work on a matter, after which I will securely destroy them. If I have any electronic copies of your information, I will keep them for 15 years after I have finished work on a matter.
2.2 Checking your identity
In some circumstances the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 say that I have to collect proof of identity of my client and certain other people related to them. If I ask you for information for this purpose, I will only use the proof of identity and other personal information you give me as part of this process to prevent money laundering or financing terrorism, unless you later agree to me using it in a different way. I will hold this information for five years after the business relationship with my client ends.
2.3 Client support
As part of my ongoing support to clients, if I have provided legal services to you, I may use your information to update you on changes to the law that relate to the specific matter on which I advised you.
If you do not want to receive this information, please contact email@example.com or write to me at 10 Southernhay West, Exeter EX1 1JG.
If you have given me permission to do so, I will send you information promoting me and my services. This includes keeping you up to date with news on topics you have opted to receive.
I will not share your information for marketing purposes outside of my firm.
You can decide not to receive marketing communications or change how I contact you at any time. If you want to do so, please contact firstname.lastname@example.org or write to me at 10 Southernhay West, Exeter EX1 1JG.
If you ask me to not send you marketing emails, I will continue to hold enough information about you to maintain a record of your preference not to receive emails.
I tell other clients and potential clients in general terms (without revealing personal information) about the services I provide. Sometimes they ask for more details on specific examples. If I would like to give these people information specifically about you or the work I carry out for you, I will ask for your permission.
If you provided information by filling in the general enquiries form on my website, I will use that information to respond to your enquiry and to record and monitor enquiries.
2.5 Automated decision-making and profiling
Automated decision-making is where a decision is made about you by a computer system without any human involvement. Profiling is the automated processing of personal information to assess certain things about you. I do not use any automated decision-making systems and I do not profile individuals.
I will hold any information you have provided on a recruitment application form for recruitment purposes only. I will not pass that information to anyone else without your consent. If your application is unsuccessful, I will hold the information you give me for 12 months, after which time I will delete it.
I also use the information you give me for related purposes, such as:
meeting my legal and regulatory obligations;
analysing operational and financial systems; and
training and quality control.
3. Who has access to your information
3.1 My client
My professional obligations mean that I have to share your information with my client if I collect it during the course of a matter I am advising them on.
If I am working with you and another person or organisation on the same matter, (for example, I am acting for your mortgage lender as well as you), or with you on behalf of a another person or organisation (for example, processing an insurance claim in your name on behalf of an insurer), I may have to share information you give me with the other person involved in the matter.
3.2 Third-party experts and suppliers
When providing my legal services I may need to share your information with:
other professional advisers, such as barristers or experts, who I may instruct to advise on my clients’ behalf or who are representing the other side in the case or transaction;
the court in matters relating to legal action; or
companies or people who carry out typing, photocopying, archiving or other non-legal tasks on my files, or who provide support such as finding missing people or serving court proceedings. All of my suppliers have entered into contracts with me that include terms which protect the information that they hold or process on my behalf.
3.3 Regulatory purposes and outsourcing
I may need to reveal information about you in other situations to other people, such as:
my auditors and the Solicitors Regulation Authority for audit, quality-control and other purposes;
my insurers, whether or not you have made a claim against me;
my legal advisers; and
regulatory or tax authorities.
I do not outsource my computer systems to specialist providers.
4. Cross-border transfers
In the normal course of doing business, I will not transfer any of your information outside of the EEA. However, if I need to use experts or lawyers in other countries, I make sure that appropriate protection is in place to transfer your information securely.
5. Security precautions
I use a variety of physical and technical measures to keep your information available, safe from loss, accurate, and to prevent unauthorised access to it.
I store electronic data and databases on secure computer systems and control who has access to information (using both physical and electronic means). I use ‘the cloud’, which means that I store client information on servers which I do not own and which are not kept in my offices. I access these servers through secure connections. All of my cloud computing suppliers meet strict requirements for security and confidentiality.
6. Cookies and online analysis
Cookies are small text files that websites put on your computer so the site can remember who you are. They contain a unique, anonymous identifier, which is usually a string of letters or numbers.
I use analytical cookies in the form of Google Analytics and Google Tag Manager. They allow me to recognise and count the number of visitors and to see how visitors move around my website when they are using it. This helps me to improve the way my website works, for example, by making sure that users are finding what they are looking for easily. For more information, please view the Google Analytics cookie information page.
These cookies do not identify any person and are used only to track user experience so I can make improvements.
You can block all cookies by activating the setting on your browser that allows you to refuse the setting of cookies. However, if you do this, you may not be able to access some parts of my site. You can find more information about allowing and disabling cookies at www.allaboutcookies.org.
7. Your rights
You have the following legal rights.
The right to ask me to confirm whether I hold your personal information and, if I do, to get a copy of the information I hold. This is known as a ‘subject access request’. Exemptions, including legal privilege, could mean you may not be entitled to receive all the information I hold on you. I will tell you if there is any information I have not provided and the reason for doing this;
The right to have your information erased, although this may not apply if I need to continue to hold or use it for a lawful reason.
The right to move your information to another organisation in an electronically readable form.
The right to have inaccurate information corrected.
The right to object to your information being used for marketing.
Please keep in mind that there are exceptions to the rights above and, although I will always try to respond to your satisfaction, there may be situations where I am unable to do so.
8. Getting in touch about your rights
If you would like more information on your rights or want to enforce them, please contact email@example.com or write to me at 10 Southernhay West, Exeter EX1 1JG .
9. Complaints about how I handle your information
If you believe that I have broken your data protection or privacy rights, you can complain to me direct by contacting my Data Protection Officer using the details set out above.
If you are not happy with my response, or you want to contact the UK Information Commissioner’s Office, which regulates and enforces data protection law in the UK, you can find details about how to do this at www.ico.org.uk.
10. My information and how to contact me
I am a limited company incorporated in England and Wales. My registered number is 8008005 and my registered office is at 10 Southernhay West, Exeter, EX1 1JG.
For the purposes of anything within this privacy notice, please contact firstname.lastname@example.org or write to me at 10 Southernhay West, Exeter EX1 1JG.
11. Changes to this privacy notice
I’ll amend this privacy notice from time to time to make sure it is up to date and accurately reflects how and why I use your personal information. The current version of my privacy notice will always be posted on my website.
Last updated November 2018