The new General Data Protection Regulations (GDPR) that came into force on the 25th May 2018 provides you with more opportunities to better control your data that you supply to us and how we deal with that data that is transparent to you. This notice lets you know what happens to any personal data that you give to us or that we may collect from or about you.
Data Protection Officer/Controller and Processor
The Regulations create 3 specific roles being a Data Protection Officer, a Controller and Processor. The Regulations does not require this firm to appoint a Data Protection Officer because of its small size. The Data Controller determines the purposes and means of processing the personal data. The Data Controller is Normanton Legal Limited trading as Normanton Legal. The Processors process the personal data on behalf of the Controller. Those people within Normanton Legal are Nicholas A Castle Solicitor and Director of Normanton Legal Limited and Maria Shackleton his Personal Assistant. Any issues and/or queries relating to the Regulations should be addressed to either of the above two at the Normanton Legal address, telephone or email.
1. What kind of documents with personal information/data or personal information might we have and process
• Copy Passports
• Copy Driving Licences
• Copy utility bills including Council Tax bills
• Death certificates and or copies
• Grants of Probate and or copies
• Copy Bus Passes
• Copy Bank/Building Society statements
• Documents we complete on your behalf whether by hand or by imputing information onto a computer screen to produce a printed version for any work we carry out on your behalf or application we make on your behalf.
• Personal and contact details such as title, full name, address and email addresses
• Your date of birth, gender or age
• Your nationality
• Your family members and relations and contact details
• Information about your property
• Financial details about you
• Details about your existing borrowings and loans
• Information about your employment status
The above lists are not exhaustive but give a general idea of what that information/data may be.
2. What is the source of that information/data
We collect personal information in the main directly from you. We may also obtain the information from organisations that we may communicate with on your behalf to complete any legal work we are instructed to deal with.
3. What do we use your personal data for
• To comply with legal and regulatory obligations we have as Solicitors governed by the Solicitors Regulation Authority (SRA) such as Money Laundering Regulations.
• Complete work we are instructed to carry out on your behalf.
• Keeping in contact with you and knowing your whereabouts.
4. Where do we keep your personal data
• Any documents or personal data are kept within the offices of Normanton Legal at CLS Business Centre, King Edward Street, Normanton. West Yorkshire, WF6 2AZ.
• Any documentation copied to comply with Money Laundering Regulations are kept within your file.
• The copier/printer also retains a copy of any such documentation copied within its memory.
• The Practice has 2 PC’s and a storage back up unit and personal data is retained on the memory systems of this hardware.
• Original Wills are kept/stored in a fire-resistant metal locked cabinet at Normanton Legal.
• The offices of Normanton Legal are locked at all times when not in use and are contained within a small locked alarmed office block with a buzzer/intercom entry system.
5. What are the legal grounds for our processing of your personal information
We must identify to you the lawful basis for our processing activity under the GDPR.
The most obvious is that you provide us with written consent to do so and we will provide you with a consent form for you to return to us which we will keep on file and record on our systems that we have received your consent. This is the most obvious way to comply with the legislation and shows us that you know about it, but we can also justify a lawful basis for processing your information data to
• Perform a contract that will exist between us and;
• Comply with a legal obligation we have.
We enter into a contract for us to provide you with legal services at a cost which can require us to process the information/data we collect from you. We also are the subject of Money Laundering Regulations that require us to collect personal information/data and documents from you to satisfy ourselves as to your identity.
6. When do we share your personal information with other organisations
Your information is only provided to other organisations where it is necessary to complete the legal work required on your behalf and which we are instructed to carry out. In the main this means with organisations/government bodies such as HMRC, HM Land Registry, The Office of Public Guardian, Her Majesty Courts and Tribunal Services and Financial Institutions. We do not share your personal information with any 3rd parties and or any marketing companies and of course as Solicitors we are bound by our duty of confidentiality in the Solicitor/Client relationship that is established in carrying out work on your behalf which is regulated under our conduct rules by the SRA.
7. How and when can you withdraw your consent
When we are relying upon your consent you can withdraw this at any time by contacting the office by phone, email or in writing. We will require such a notification in writing but if you do withdraw consent then it may affect us continuing to work on your behalf in providing legal services. You can terminate our relationship at any time but this will be subject to our Business Terms and Conditions.
8. What should you do if your personal information changes
You should tell us so that we can update our records.
9. How long is your personal information retained by us
• For as long as you continue to instruct us to provide you with legal services.
• At the end of the retainer we will at your written request return that information and documents to you and remove the information from our computer systems and storage devices provided there are no outstanding costs due.
10. What are your rights under GDPR
• The right to be informed about your processing of your personal information.
• The right to have your personal information corrected if it is inaccurate.
• The right to object to processing of your personal information.
• The right to restrict processing of your personal information.
• The right to have your personal information erased (the right to be forgotten).
• The right to request access to your personal information and to obtain information about how we process it.
• The right to move, copy or transfer your personal information.
You have the right to complain to the Information Commissioners Office which enforces data protection law where this practice is registered at http/ico.org.uk. The Head office in England is Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Telephone Number 03031231113.
We may change this privacy notice from time to time in order to reflect changes in the law and/or our privacy practices.
Original 15th May 2018
Updated 23rd October 2018