Privacy Policy Notice – Data Protection
This Privacy Policy Notice (“Notice”) provides an explanation regarding our responsibilities and your rights regarding personal information about you that we collect and hold; how we may use it and disclose it to others.
About Us
James Murray Solicitors are solicitors who deal with a number of legal disciplines. We are registered as what is known as a Data Controller with the Information Commissioners Office (ICO). The Data we control is essentially personal information we collect and hold about you.
Purpose of this Privacy Policy Notice
The purpose of this Privacy Policy Notice is to notify you of the following subjects:
- What information we will collect, which represents data
- The legal basis for processing the information we hold
- How we may share your data
- How long we will keep the data
- Marketing data
- Your rights regarding information we hold
- Complaints Procedure regarding the use of data
What information we will collect
We will collect information about you when we first meet that includes but is not limited to your name, address, date of birth, national insurance number, the names of family members, bank account details. This information is known as Personal Data.
We will also obtain information known as Sensitive Personal Data that includes but is not limited to your ethnic origin, your health condition, details of previous criminal convictions, your doctor’s details.
How we will use the information that is collected
The information we collect about you will be used to:
- Progress the legal matter we are dealing with on your behalf
- Prevent fraudulent claims
- Identify trends
- Assess the effectiveness of advertising or promotional campaigns
- Carry out conflict checks
Who has access to the information that is collected?
Partners of James Murray Solicitors (the Firm) and all relevant staff members will have access to the information we collect. In addition, we may share the information with external organisations including but not exclusive to:
- External auditors such as Lexcel and Investors In People
- Any organisations carrying out peer review
- The Solicitors Regulation Authority
- The Legal Ombudsman
- The ICO
- IT System Providers
- The opponents in your legal matter
- The Courts
- Barristers
- Medical and other experts we instruct on your legal matter
- Witnesses
- The Legal Aid Agency where applicable
- Costs Drafting Companies
- Any organisation required or permitted by law
Please be assured any information that is shared will be controlled and may be shared for the purpose of pursuing your legal matter, in accordance with any legal requirement and ensuring that our handling of your matter meets relevant requirements.
How we will protect the information we collect
We will ensure that we have appropriate technology in place to protect the information we have from loss or misuse. We will ensure that all members of staff and outside agencies who we share the information with have agreed to keep confidential the information in line with the relevant legislation.
What is the legal basis for us collecting and holding the information we collect?
There are a number of lawful bases for processing information we hold about you. They are:
- Consent – we will require your explicit consent to process certain information. Such consent can be withdrawn by you.
- Performance of a contract – where processing of the information we hold about you is necessary we are lawfully able to do so for the performance of a contract that we are a party to.
- Compliance with a legal obligation – where processing of the information we hold about you is necessary we are lawfully able to do so if the Firm is legally obliged to do so.
- Vital interests of the data controller – we as the data controller are lawfully able to process data we hold about you if it is necessary to protect someone’s life. We can only rely upon this lawful basis if it is reasonable for you to expect this and provided it would not cause unjustified harm to you.
- Legitimate interests – we are able to process the information we hold about you if it is necessary for ours or a third party’s legitimate interests unless there is a good reason to protect the information that overrides those legitimate interests.
- Public interest – we are able to process the information we hold about you if it is necessary for us to perform a task in the public interest or for our official functions and the task or function has a clear basis in law.
We will determine the lawful basis upon which we process the information we hold about you before we begin processing that information.
How long we will keep the information we collect?
In the normal course of events we will retain the information we collect for the following periods:
- We will retain the physical file, which contains information about you, at our offices for a period of two years following the conclusion of the case we have dealt with. Thereafter, the physical file will be placed in local secure storage or onsite storage for a period of at least a further four years and no longer than seven years in total before it is destroyed.
- We will retain the physical file of minors, which may contain information about the parents or guardians of the minor and the minor, at our offices for a period of two years following the conclusion of the case we have dealt with. Thereafter, the physical file may be placed in local secure storage or onsite storage for a period of at least six years and no longer than seven years after the minor reaches the age of 18 years before it is destroyed.
- We may retain some files or documents for longer periods if required by agreement or if the Firm has a legitimate interest in doing so.
- We may retain indefinitely the computerised file, which will include the information we collect about you to ensure that we never act for another client where doing so would create a conflict of interest with our obligations of confidentiality to you. This may also allow you and us access to information we may need in the event we act on your behalf in the future or you require information from the case at any future point. We reserve the right to destroy the computerised file in line with the relevant legislation at the given time.
What are your Rights?
Under the General Data Protection Regulation you have the following rights:
- The Right to Access – you have the right to access the personal data we hold about you. If you wish to have access to the data we hold then you should make a request for the data in writing. Such a request can be made via email to:- data_protection@jamesmurraylaw.com
- The Right to be Informed – you have the right to be informed about the way we deal with your data. We will provide you with notice of our privacy policy when we attend upon you or in writing if you are already a client with the Firm.
- The Right to Rectification – if the data we hold about you is inaccurate, you have the right to have the data rectified.
- The Right to Erasure – this is otherwise known as the right to be forgotten. You are entitled to request that we delete your personal data but only in the following circumstances:
- When the data is no longer necessary.
- When the data is held and the lawful basis for holding the data is through consent and you withdraw that consent.
- When you object to the processing of the information and there is no overriding legitimate interest for continuing to process the information.
- When the data was unlawfully processed.
- When you object to the processing of data for direct marketing.
- The Right to Object – you have the right to object to the processing of the data we hold.
- The Right to Restrict Processing – you have the right to restrict or suppress the processing of the data we hold unless we can show that there are legitimate reasons for continuing to process the data.
Complaints about the use of Personal Data
If you wish to raise concerns about the way we use your Personal Data then you should contact us by email at:- data_protection@jamesmurraylaw.com or by telephone on 0151 933 3333.
You can also report concerns to The Information Commissioner’s Office by phone on 0330 123 1113 or further contact details can be found at: https://ico.orghttps://ico.org.uk/global/contact-us/
Responsibilities
Lee Massingham is our designated Data Protection Officer (DPO) and Jayne Thomas is our designated Data Protection Manager and together with all Managers in this firm are responsible for data protection.