Privacy Policy

1. Introduction

This privacy notice sets out how John Boston & Company Solicitors uses and protects any information that you provide and complies with the new General Data Protection Regulations (GDPR) which came into effect on 25 May 2018 and should be read in conjunction with our General Terms and Conditions.

John Boston & Company Solicitors is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this privacy statement.

John Boston & Company Solicitors may change this policy from time to time by updating this policy. You should check this policy from time to time to ensure that you are happy with any changes. This policy is effective from 25 May 2018.

Your personal data is defined as “data which by itself or with other data available to us that can identify you.”

2. The types of personal data we collect and use

Whether or not you become a client we may use personal data for the purposes listed below. Most of the data we will collect directly from you, however data collected indirectly is also mentioned in this privacy notice.

The personal data we may use about you may include:

  • Full name and personal details including contact information (i.e. business/home address and address history, email address, Home/Business/ Mobile telephone numbers)
  • Date of birth/age
  • National Insurance Numbers
  • Financial details (e.g. Bank details)
  • Medical Information (if relevant)
  • Insurance information (if relevant)
  • CCTV recordings
  • Photographic and utility billing documents (for money laundering requirements)
  • Educational/employment details
  • Criminal convictions
  • Source of funds
  • Personal data from other persons necessary to fulfil your engagement terms. You must have authority to provide their personal data to us and share this data privacy statement with them beforehand together with what you have agreed to on their behalf.

3. Providing your personal data and consent

You must provide your personal data so we can fulfil your engagement terms, unless you are already a client and we hold your details. If you do not provide the data we need or help us keep it up to date, we may not be able to provide you with our full service.

We will tell you if providing personal data is optional for example feedback requests etc. We may ask for feedback requests etc. by phone, post, email or through digital media. You can decide if you do not wish to receive these proactive requests and you have the right to opt out. You can remove your consent at any time by contacting us.

4. How we keep your data safe

We protect your information with security measures under the laws that apply and keep our IT systems, files and buildings in a safe and secure manner.

5. How long do we keep your data?

We hold your data while you are a client and, for a period of time after any disengagement, in accordance with our legal and regulatory obligations and for as long as it is needed to facilitate the purposes for which it was collected.

6. Meeting our legal and regulatory obligations

To use your data lawfully we rely on one or more of the following Legal bases:

  • Fulfil our engagement terms
  • Legal obligation
  • Protecting the vital interests of you and others
  • Public interest
  • Our legitimate interests
  • Your consent

To meet our regulatory and legal obligations we collect some of your personal data, verify it and keep it up to date through regular checks. We may also gather information about you from third parties to help us meet our obligations.

7. How we use your information

We use your information to:

  • Fulfil our engagement terms
  • Identify ways we can improve our services
  • Protect both our interests
  • Meet our legal and regulatory obligations

We do not use your data for marketing analysis and/or analysis of behavioural trends. We do not use technology to make decisions automatically about your personal profile.  We do not sell or rent your personal data to any third parties.

8. Your data and Third Parties

Sometimes we obtain from, or share your data on a confidential basis with third parties for example:

  • Sub-contractors and other parties who help service your contract with us
  • Other parties connected to your contract including medical or financial institutions who provide us with your personal records and other information
  • Companies and persons providing a service for us (i.e. our IT supplier)
  • Legal and professional advisors for example other solicitors, barristers and accountants
  • Fraud prevention agencies
  • Government bodies in the UK (i.e. HMRC)
  • Payment systems (i.e. Visa or Mastercard)
  • Land Registry
  • Insurance companies
  • Banks or financial institutions
  • Third parties that have referred work to us
  • Courts
  • Anyone else where we have your consent or as required by law.

In the event of the sharing of information we shall ensure that it is done with complete confidentiality and with instructions that your personal information is used only for the purposes required and with your consent to do so where applicable.

9. International Transfers

We do not normally transfer your personal data outside the European Economic Area (EEA) to help us provide services. In the event that we do, we expect the same standard of data protection to be applied outside the EEA to these transfers and the use of your data to ensure your rights are protected.

10. Your Personal Rights

Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from 25 May 2018)

  • the right to be informed about our processing of your personal data
  • the right of access your personal data and see how we process it
  • the right to rectification of your data if it is incorrect or inaccurate
  • the right to erasure of your data (Known “as the right to be forgotten”)
  • the right to restrict processing of your personal data
  • the right to data portability i.e. to move, copy or transfer your personal data
  • the right to object to the processing of your personal data
  • the right not to be subject to automated decision-making including profiling

If you have any issue or complaint regarding how we handle your personal data please contact our Data Protection Officer, Chris Reilly using the contact details noted above. You also have the right to complain to the Information Commissioner’s Office. It has the enforcement powers and can investigate compliance with the Data Protection Law.