YOUR PRIVACY IS VERY IMPORTANT TO US
Bennett Richmond is a partnership providing both legal services and estate agency services to the general public.
References below to “BR” and to “we” and “our” and “us” are references to Bennett Richmond.
References below to “PD” are references to your personal data.
We are a controller of your PD, and as a controller we determine what PD we collect and why and how we use, share and protect PD.
This is under applicable data protection laws including, from 25th May 2018, the General Data Protection Regulation, referred to below as “GDPR”.
WHAT IS THE PURPOSE OF THIS PRIVACY NOTICE?
WHOSE PERSONAL DATA DO WE COLLECT?
We collect, use, share, process and protect PD about individuals who may be prospective/current or former individual clients and where relevant, their spouses / civil partners / children and other family members… intermediaries such as accountants/ law firms/ mortgage insurance or financial advisors/ property buyers sellers investors and home owners… representatives such as directors / officers / authorised signatories / employees / agents and ultimate beneficial owners.
WHAT KIND OF PERSONAL DATA DO WE HOLD?
PD means information from which an individual/intermediary/representative can be identified. It does not include data where the identity has been removed (anonymous data).
We collect, use, share, process and protect different kinds of PD, for example:
• Identity Data includes marital status/ title/ date of birth and gender/ passport details/ driving licence details/ bank statements and utility bills and council tax demands.
• Contact Data includes addresses/ email address/ telephone numbers.
• Financial Data includes bank account/ payment card details/ financial and other information obtained in order to perform necessary AML / CTF / KYC checks.
• Transaction Data includes details about payments to and from you / between you and others.
• Technical Data includes technology on the devices used to access our website / systems.
• Usage Data includes information about how you use our website / systems/ products/ services.
Our website is not intended for children and we do not knowingly collect data relating to children.
HOW DO WE COLLECT PERSONAL DATA?
PD is collected when provided to us (i) in an application form/ terms of business/ instruction communication or other related documents, papers and/or file notes and/or on our website/systems (ii) in correspondence and conversations with our representatives and intermediaries (iii) during transactions or the processing of your case/matter and (iv) for our anti-money laundering (“AML”), counter terrorist financing (“CTF”) and know your customer (“KYC”) checks.
Our website includes links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third parties or their websites and are not responsible for any issues or losses arising from there. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Please note we may process the PD without your knowledge or consent, in compliance with the above rules, where this is permitted by law.
We will only use the PD for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use the PD for an unrelated purpose we will notify you with information about that further purpose before any further processing takes place.
DO WE COLLECT PERSONAL DATA ABOUT YOU FROM THIRD PARTIES?
We may also collect your PD from third party sources, other legal entities and individuals, and publicly accessible sources.
WHY AND HOW WILL WE USE YOUR PERSONAL DATA?
Our legal bases for collecting and processing your PD will be one or more of the following:-
performance of a contract that you are a party to. This includes when we are or have been interacting with you and performing the contract and services, and also earlier steps prior to entering into such a contract.
compliance with a legal obligation to which the data controller is subject. This includes complying with and performing what is required for example in tax and company laws / as well as AML and CTF and KYC laws and regulations / screening against sanctions lists / registering a property with the Land Registry and others.
pursuing legitimate interests of us, the data controller. These are not to override your interests or fundamental rights and freedoms such as (i) recovering debts owed by you to us (ii) mitigating business and operational risks (iii) complying with internal policies (iv) sharing your personal data for internal administrative purposes (v) investigating, detecting and preventing fraud and other crime (vi) ensuring network and information security (vii) purchasing items, papers or services from third parties which support us in providing our services to you and in complying with our legal obligations (viii) recording and monitoring calls and electronic communications for record keeping, security, quality, staff training and other business purposes (ix) developing, improving and informing you about BR and the firm's products, services and other related activities that may be of interest to you or the organisation you represent (x) maintaining the relationship and otherwise interacting with you (xi) protecting the interests of BR including establishing, exercising and defending legal rights and claims.
When evaluating whether legitimate interests can be relied on as a legal basis for the processing activities described, a balancing test is carried out to ensure that the use of your PD will not override your fundamental rights and freedoms or cause unjustified harm.
WHAT ARE THE CONSEQUENCES IF YOU FAIL TO PROVIDE US WITH THE REQUESTED PERSONAL DATA?
If we ask you to provide us with your PD to comply with a legal requirement or to allow us to enter into or perform a contract or provide services, you may be obliged to provide the PD to us. We will advise you whether you are obliged to provide the PD as well as of the possible consequences if you fail to do so. If you fail to provide the PD we may reject or delay the processing of your application / case / matter and/or suspend progress / suspend payments until the relevant information is received to our satisfaction. We may even have to refuse to act for you or stop acting for you or refuse to carry out your instruction.
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may disclose / share your PD or the PD of third parties that you have provided to us to / with third parties who assist us in providing the services you request from us.
We may disclose/share your PD to/with other third parties, for example courts, government agencies, tax and other regulatory authorities, when we are legally obliged to do so or when in our reasonable opinion such disclosure is necessary.
We will not transfer PD to a third country or international organisation.
HOW DO WE PROTECT YOUR PERSONAL DATA?
We store data with the Microsoft Cloud (Azure) Data Centre and the Office 365 Platform.
To protect the security of your PD we will take all reasonable precautions to protect the confidentiality of all confidential information we receive from you including your PD.
The security of your PD is important to us but remember that no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your PD. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Some of our services are provided by third parties. We do not control those third parties and are not responsible for any issues or losses arising from there.
HOW LONG DO WE HOLD YOUR PERSONAL DATA FOR?
We will retain your PD as long as it remains necessary in relation to the purposes we collected it for, and also to comply with our general and regulatory duties according to law, as required by the Law Society and the Solicitors Regulation Authority, and as required by our obligations provided to our professional indemnity insurers.
To determine the appropriate retention period for PD, we consider the amount, nature, and sensitivity of the PD, the potential risk of harm from unauthorised use or disclosure of the PD, the purposes for which we process the PD and whether we can achieve those purposes through other means, the applicable legal requirements, and also our legitimate business interests.
ACCESS BY YOU
Under certain circumstances, you have rights under data protection laws in relation to you accessing your PD. We may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your PD. This is a security measure to ensure that PD is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In such a case, we will notify you and keep you updated.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your PD (commonly known as a "data subject access request"). This enables you to receive a copy of your PD that we hold.
Request correction of your PD that we hold so any incomplete or inaccurate data we hold will be completed or be corrected.
Request erasure of your PD. This enables you to ask us to delete or remove your PD where (i) it is no longer required for the purposes it was collected (ii) where you have successfully exercised the right to object to processing (see below) (iii) where consent given has been withdrawn (iv) where the processing does not comply with the GDPR. Note however that we may not always be able to comply with requests for the erasure as a result of specific reasons which will be notified to you, if applicable at the time of the request.
Object to processing of PD where we are relying on our legitimate interests or performance of a task carried out in the public interest. You also have the right to object where we are processing such PD for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process the PD which override your rights and freedoms.
Request restriction of processing of the PD. This enables you to ask us to suspend the processing of your PD in the following scenarios: if you need us to establish the accuracy of the PD; where our use of the PD is unlawful but you do not want us to erase it; where you need us to hold the PD even if we no longer require it as you need it to establish, exercise or defend legal claims; or you have objected to the use of the PD but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your PD to you or to a third party. We will provide to you or a chosen third party the PD in a structured commonly used machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the PD to perform the contract.
Withdraw consent at any time. You may do this where we are relying on consent to process your PD. However, this will not affect the lawfulness of any processing carried out before the withdrawal of your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We may even have to refuse to act for you or to stop acting for you or refuse to carry out your instruction. We will advise you if this is the case at the time you withdraw your consent.
MAKING A COMPLAINT
You have the right to make a complaint at any time to the Information Commissioner's Office, which is the UK supervisory authority for data protection issues (www.ico.org.uk). We would however appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance by making an appointment or sending an email or letter to:-
Please contact: Mark Davies (Data Protection Officer)
Postal Address: Bennett Richmond 33 Front Street Consett County Durham DH8 5AB
Telephone Number: 01207 504141
Email address (Data Subject Access Requests only): firstname.lastname@example.org
You may also have the right to lodge a complaint with the Legal Ombudsman. Again, however, we would appreciate the chance to deal with your concerns before you approach the Legal Ombudsman, so please contact us in the first instance.
BENNETT RICHMOND (25.05.18)