Data Protection and Confidentiality Notice for Clients
Under the terms of the Data Protection Act 2018 and the European General Data Protection Regulation ("GDPR") there are six grounds which justify data processing, namely
- consent of the data subject [you]
- performance of a contract [i.e. carrying out the work you have instructed us to do]
- compliance with a legal obligation imposed on us
- vital interests of the data subject [you]
- legitimate interests of the data controller [us]
- public interest
At least one of these will always apply in respect of any of your data we process.
We use the information you provide primarily for the provision of legal services to you and for related purposes including:
- updating and enhancing client records
- analysis to help us manage our practice
- statutory returns
- legal and regulatory compliance
The normal justification for us processing your data will be to enable us to perform our contract with you. Our use of that information is subject to your instructions, the law and the duty of confidentiality we owe to clients. Depending on the specifics of your case, we may need to process information of a particularly sensitive nature. We will only do this in order to progress a claim on your behalf, as permitted under Article 9.(2)(f) of the GDPR.
Under data protection legislation, you have the following rights:
- a right of access to the personal data that we hold about you including the right to ask us to provide a copy of any of it (for which there may be a nominal fee)
- the right to ask for your personal data to be destroyed (though not the automatic right to have it destroyed)
- the right to object to the processing of your personal data
- the right to withdraw your consent for the processing of personal data you have previously consented to
- the right to complain to the Information Commissioner
In addition, for your protection, we must abide by the data protection principles which are
- to process your personal data lawfully, fairly and in a manner that is transparent to you
- your personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
- your personal data must be adequate, relevant and limited to that which is necessary in relation to the purposes for which it is processed
- the personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
- personal data must be kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data is processed
- personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Disclosures to third parties
Our work for you may require us to pass certain information to your opponent or their professional advisors. We will only pass such information as is necessary to enable them to deal with the matter and where this is in your best interests or we are compelled to do so by the rules ofthe court or tribunal or a court order. This is justified by the performance of our contract with you and may also be justified by our need to comply with a legal obligation place on us.
Our work for you may require us to give information to third parties such as barristers, expert witnesses and other professional advisers instructed by us on your behalf or by a court or tribunal. We will discuss this with you if and when it arises before sharing any information.
We are entitled to disclose privileged and/or confidential information to the Solicitors Regulation Authority ("SRA") (for regulatory purposes), our advisers, including our legal advisers, auditors (for the purposes of auditing our accounts under the Solicitors Regulation Authority's Accounts Rules), the Legal Ombudsman (for the purposes of dealing with any complaint you may raise with the
ombudsman) and our insurers (for the purpose of enabling us to make full notification to our insurers of circumstances arising from work we undertake for you which may result in an insurance claim). All of these are obliged to keep all such information confidential. Sharing of data in these circumstances will be justified by legal obligations imposed on us and/or our own legitimate interests.
In litigation matters, where it becomes necessary to prepare a detailed bill of costs for consideration by your opponent or assessment by the court, in common with most companies, we will instruct a specialist costs draftsman to do this since this is an expert undertaking. Using a professional in this way will inevitably be more cost effective for you and result in a better chance of you recovering the maximum possible costs from your opponent. In order to do this, we must pass your file to the costs draftsman. Sharing of data for this purpose is justified by the performance of our contract with you and may, in some circumstances be justified by our own legitimate interests.
If we are required compulsorily by law to disclose documents or give information relating to your affairs pursuant to a court order or notice or demand served by any person with authority to compel such disclosure, we shall comply. We shall be entitled to payment by you for the costs of such compliance at our then existing hourly rates. Sharing data in these circumstances is justified by the legal obligation imposed on us. We may disclose relevant information to any person or company authorised by us to undertake debt collection activity against you. This is justified by our legitimate interests.
Where the work we are doing for you results from a referral to us from an introducer, we may be asked to provide information to the introducer. For example, most would like to be kept abreast of progress. We will not do give them any information without your consent.
Transfers outside the European Economic Area (EEA)
We do not transfer and data to countries outside the EEA.
If any documents or information you or we are ordered to disclose may be subject to legal professional privilege we will advise you of the opportunity to waive privilege. If you decide not to do so and this is challenged, we will be entitled to payment by you for the work we do and expenses we incur in seeking to preserve privilege on your behalf.
Retention of data
We will retain information about the work we do for you for a period of six years after we complete it. This is to ensure that we can answer any questions that arise about the matter at a later date and to enable us to check that we do not inadvertently take on other work in the future which might give
rise to a conflict of interests between you and the new client. If you are under 18 years old when we complete your work, we retain the information until you reach 24 years of age. This is justified by our legitimate interests in meeting the requirements of our professional indemnity insurers and to enable us to deal with any complaints or claims you may bring after we have finished the work we are doing for you.
Accreditations We have been awarded The Law Society's Lexcel Legal Practice Quality Mark in recognition of our quality procedures and client service. We are also accredited members of the Law Society's Conveyancing Quality Scheme. In order to maintain these accreditations we undergo an independent audit each year, during which an independent assessor checks a random selection of files to verify that we still meet the standards.
Assessors are required to maintain confidentiality in relation to your files and we are entitled to disclose your files to them because it is in our legitimate interests (and yours) to be accredited so that we, our regulators and our clients can have confidence that we work professionally, efficiently and competently. Nevertheless, if you do not want your file to be reviewed by an assessor, please let us know and we will ensure that your wishes are honoured.
We would like to send you information that we think may be of interest to you from time to time. We will not do so if you do not consent.
You and we agree not to issue any publicity material or information to the media about our relationship and the work we are doing without the other's consent, save where the information is already in the public domain.
The Data Controller is Scaiff LLP, 23 Foregate Street, Worcester WRl lDN. The person to whom you should address enquiries about data protection and privacy is Simon Shaw who can be contacted at that address, or by email to firstname.lastname@example.org or by telephone on 01905 727700.