This privacy notice sets out how John Boston & Company Solicitors uses and protects any information that you provide and complies with the new General Data Protection Regulations (GDPR) which came into effect on 25 May 2018 and should be read in conjunction with our General Terms and Conditions.
John Boston & Company Solicitors is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.
John Boston & Company Solicitors may change this policy from time to time by updating this policy. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from 25 May 2018.
Your personal data is defined as “data which by itself or with other data available to us that can identify you.”
2. The types of personal data we collect and use
Whether or not you become a client we may use personal data for the purposes listed below. Most of the data we will collect directly from you, however data collected indirectly is also mentioned in this privacy notice.
The personal data we may use about you may include:
3. Providing your personal data and consent
You must provide your personal data so we can fulfil your engagement terms, unless you are already a client and we hold your details. If you do not provide the data we need or help us keep it up to date, we may not be able to provide you with our full service.
We will tell you if providing personal data is optional for example feedback requests etc. We may ask for feedback requests etc. by phone, post, email or through digital media. You can decide if you do not wish to receive these proactive requests and you have the right to opt out. You can remove your consent at any time by contacting us.
4. How we keep your data safe
We protect your information with security measures under the laws that apply and keep our IT systems, files and buildings in a safe and secure manner.
5. How long do we keep your data?
We hold your data while you are a client and, for a period of time after any disengagement, in accordance with our legal and regulatory obligations and for as long as it is needed to facilitate the purposes for which it was collected.
6. Meeting our legal and regulatory obligations
To use your data lawfully we rely on one or more of the following Legal bases:
To meet our regulatory and legal obligations we collect some of your personal data, verify it and keep it up to date through regular checks. We may also gather information about you from third parties to help us meet our obligations.
7. How we use your information
We use your information to:
We do not use your data for marketing analysis and/or analysis of behavioural trends. We do not use technology to make decisions automatically about your personal profile. We do not sell or rent your personal data to any third parties.
8. Your data and Third Parties
Sometimes we obtain from, or share your data on a confidential basis with third parties for example:
In the event of the sharing of information we shall ensure that it is done with complete confidentiality and with instructions that your personal information is used only for the purposes required and with your consent to do so where applicable.
9. International Transfers
We do not normally transfer your personal data outside the European Economic Area (EEA) to help us provide services. In the event that we do, we expect the same standard of data protection to be applied outside the EEA to these transfers and the use of your data to ensure your rights are protected.
10. Your Personal Rights
Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from 25 May 2018)
If you have any issue or complaint regarding how we handle your personal data please contact our Data Protection Officer, Chris Reilly using the contact details noted above. You also have the right to complain to the Information Commissioner’s Office. It has the enforcement powers and can investigate compliance with the Data Protection Law.