Who We Are We are
Connaught Law Limited. Our office and contact details are at the end of this notice. When we use your personal data we are regulated under the Data Protection Act 2018, and effective 25th May 2018 by the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. We are registered with the Information Commissioners Office (ICO) under registration number ZA255485 Our use of your personal data is subject to your instructions, the Data Protection Act and GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
Personal Data we collect about you.
Personal data we always collect
- Your name, address, email and telephone numbers
- Information to enable us to check and verify your identity
- Information relating to the matter in which you are seeking our advice or representation
Personal data we may collect depending on why you have instructed us
- Your National Insurance and tax details
- Your bank and/or building society details
- Details of your spouse/partner and dependants or other family members
- Your employment status and details including salary and benefits
- Your employment records
- Your medical records
- Details of your previous convictions
- Any other information necessary for the purpose of following your instructions
This personal data is required to enable us to provide our service to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.
What we use your personal information for and why
|What we use information for||Why|
|To provide legal services to you||To meet our obligations to you|
|To confirm your identity||Regulatory requirement and professional obligation|
|Providing information required by or relating to audits, enquiries or investigations by regulators, professional bodies, lenders, quality schemes, insurers and similar organisations||Regulatory requirement and professional obligation|
|The recording of telephone calls||Security and training purposes|
|To ensure compliance with our own policies and procedures||To ensure the quality of the service we provide|
|Statistical analysis to help us manage our practice||To ensure the quality of the service we provide|
|Updating client records||To ensure the quality of the service we provide|
|Marketing our services to existing and previous clients and to non-clients who have previously expressed an interest in our services||To promote our services|
The above table does not apply to special category personal data, which we will only process with your explicit consent (or other specific authority such as Order of the Court). Special category personal data is defined by GDPR as information relating to race, ethnic origin, politics, religion, trade union membership, criminal convictions, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
Who we share your personal data with
We routinely share personal data with:
- Colleagues within Connaughts in order to deal with your matter and to ensure compliance with our professional obligations.
- Other people in the course of dealing with your matter. This includes people such as your barrister, medical experts (in a personal injury case), your lender and the Land Registry (on a conveyancing matter).
- “the other side”, their advisers and experts as your matter dictates.
- Other organisations who provide services to us in order that we can provide our service to our clients
- our insurers, accountants and other professional advisers to our business.
- external auditors.
- our banks.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We may also
- disclose and exchange information with regulatory bodies to comply with our legal and regulatory obligations.
- provide information to the National Crime Agency (NCA) (or any other body) to meet our obligations under the regulations relating to money laundering and the proceeds of crime.
- need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. The recipient of the information would be bound by confidentiality obligations.
Where your personal data is held
Information will be held at our offices (see below). Data is also held by our IT provider at premises within the United Kingdom. We do not intend that any of your personal information held by us will be either held or transferred outside of the EU.
How long your personal data will be kept
We will keep your personal data after we have finished acting for you. We will do so for one of these reasons:
- to respond to any questions, complaints or claims made by you or on your behalf
- to show that we treated you fairly
- to keep records required by law.
We will retain records for
- a minimum period of 6 years but
- 10 years in respect of the purchase of a property or the administration of an estate and
- indefinitely/until 6 years after death in respect of instructions to make a Will
We will not retain your data for longer than necessary for the purposes set out in this policy. Thereafter information in both paper and electronic form will be deleted or destroyed save that we may retain for a longer period basic information (name, address and matter) which is necessary for identifying potential conflicts.
You have the following rights, which you can exercise free of charge:
Access to your personal information and to certain other supplementary information that this Privacy Notice is designed to address;
- Require us to correct any mistakes in your information which we hold;
- Require the erasure of personal information concerning you in certain situations;
- Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
- Object at any time to processing of personal information concerning you for direct marketing;
- Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
- Object in certain other situations to our continued processing of your personal information;
- Otherwise restrict our processing of your personal information in certain circumstances.
For further information on each of those rights, including the circumstances in which they apply we would refer you to the Guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
Email, call or write to our Practice Manager — see below: ‘How to contact us’;
- Let us have enough information to identify you
- provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
- Let us know what right you want to exercise and the information to which your request relates.
How to complain
If you are unhappy about the data we hold, how we use it or about this policy then please contact us with your concerns. We hope that we can resolve any concerns you raise.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns.
How to contact us
Data Protection Officer: M Riaz Anwar
Connaught Law Limited
Totara Park House
34-36 Gray’s Inn Road
London WC1X 8HR
For further help or information Get In Touch