Privacy Policy

Please read this privacy policy notice carefully as it contains important information on how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.

Who We Are We are

Connaught Law Limited. Our office and contact details are at the end of this notice.  When we use your personal data we are regulated under the Data Protection Act 2018, and effective 25th May 2018 by the General Data Protection Regulation (“GDPR”) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. We are registered with the Information Commissioners Office (ICO) under registration number ZA255485 Our use of your personal data is subject to your instructions, the Data Protection Act and GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.

Personal Data we collect about you.

Personal data we always collect

  • Your name, address, email and telephone numbers
  • Information to enable us to check and verify your identity
  • Information relating to the matter in which you are seeking our advice or representation

Personal data we may collect depending on why you have instructed us

  • Your National Insurance and tax details
  • Your bank and/or building society details
  • Details of your spouse/partner and dependants or other family members
  • Your employment status and details including salary and benefits
  • Your employment records
  • Your medical records
  • Details of your previous convictions
  • Any other information necessary for the purpose of following your instructions

This personal data is required to enable us to provide our service to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you. 

What we use your personal information for and why

What we use information for Why
To provide legal services to you To meet our obligations to you
To confirm your identity Regulatory requirement and professional obligation
Providing information required by or relating to audits, enquiries or investigations by regulators, professional bodies, lenders, quality schemes, insurers and similar organisations Regulatory requirement and professional obligation
The recording of telephone calls Security and training purposes
To ensure compliance with our own policies and procedures To ensure the quality of the service we provide
Statistical analysis to help us manage our practice To ensure the quality of the service we provide
Updating client records To ensure the quality of the service we provide
Marketing our services to existing and previous clients and to non-clients who have previously expressed an interest in our services To promote our services

The above table does not apply to special category personal data, which we will only process with your explicit consent (or other specific authority such as Order of the Court). Special category personal data is defined by GDPR as information relating to race, ethnic origin, politics, religion, trade union membership, criminal convictions, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.

Who we share your personal data with

We routinely share personal data with:

  • Colleagues within Connaughts in order to deal with your matter and to ensure compliance with our professional obligations.
  • Other people in the course of dealing with your matter. This includes people such as your barrister, medical experts (in a personal injury case), your lender and the Land Registry (on a conveyancing matter).
  • “the other side”, their advisers and experts as your matter dictates.
  • Other organisations who provide services to us in order that we can provide our service to our clients
  • our insurers, accountants and other professional advisers to our business.
  • external auditors.
  • our banks.

We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.

We may also

  • disclose and exchange information with regulatory bodies to comply with our legal and regulatory obligations.
  • provide information to the National Crime Agency (NCA) (or any other body) to meet our obligations under the regulations relating to money laundering and the proceeds of crime.
  • need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. The recipient of the information would be bound by confidentiality obligations.

Where your personal data is held

Information will be held at our offices (see below). Data is also held by our IT provider at premises within the United Kingdom. We do not intend that any of your personal information held by us will be either held or transferred outside of the EU.

How long your personal data will be kept

We will keep your personal data after we have finished acting for you. We will do so for one of these reasons:

  • to respond to any questions, complaints or claims made by you or on your behalf
  • to show that we treated you fairly
  • to keep records required by law.

We will retain records for

  • a minimum period of 6 years but
  • 10 years in respect of the purchase of a property or the administration of an estate and
  • indefinitely/until 6 years after death in respect of instructions to make a Will

We will not retain your data for longer than necessary for the purposes set out in this policy. Thereafter information in both paper and electronic form will be deleted or destroyed save that we may retain for a longer period basic information (name, address and matter) which is necessary for identifying potential conflicts.

Your rights

You have the following rights, which you can exercise free of charge:

Access to your personal information and to certain other supplementary information that this Privacy Notice is designed to address;

  • Require us to correct any mistakes in your information which we hold;
  • Require the erasure of personal information concerning you in certain situations;
  • Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;
  • Object at any time to processing of personal information concerning you for direct marketing;
  • Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;
  • Object in certain other situations to our continued processing of your personal information;
  • Otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of those rights, including the circumstances in which they apply we would refer you to the Guidance from the UK Information Commissioners Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

Email, call or write to our Practice Manager — see below: ‘How to contact us’;

  • Let us have enough information to identify you
  • provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
  • Let us know what right you want to exercise and the information to which your request relates.

 How to complain

If you are unhappy about the data we hold, how we use it or about this policy then please contact us with your concerns.  We hope that we can resolve any concerns you raise.

The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns.

Changes to this Privacy Policy

This privacy policy was published on 25th May 2018.

We may change this privacy policy from time to time when we do then if you are still a current client of the firm, we will inform you via our usual means of written communication with you.  We will also publish the updated policy on our website, www.connaughtlaw.com

How to contact us

Please contact our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

Data Protection Officer: M Riaz Anwar

By post:

Connaught Law Limited
4th Floor
Totara Park House
34-36 Gray’s Inn Road
London WC1X 8HR

By e-mail: r.anwar@connaughtlaw.com               By phone: 0203 909 8399

For further help or information Get In Touch

Related Expertise

Insights

Would you like to hear more from us?

Visit our subscriptions page to tell us a bit more about what you’re interested in so we can send you relevant news.