DATA PRIVACY POLICY

This Data Privacy Policy is to be read in conjunction with our Terms and Conditions and sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by Alletsons Limited (referred to as “we” or “us” in the remainder of this policy).

Please read it carefully to understand why data is collected and what we do with the data once it is in our possession.

Accountability

Data is collected, processed and stored by Alletsons of 8 Castle Street, Bridgwater, Somerset TA6 3DB and will be known as the Data Controller. We are registered with the Information Commissioners Office under number Z1306537 and our Data Register Entry can be found on their website or a copy can be provided upon request. We are registered as a Limited Company under number 6509052 and we are regulated by the Solicitors Regulatory Authority (SRA) under number 485301.

We have appointed Ben Davies as our Data Protection Officer.  He can be contacted on 01278 456621 or via e-mail Ben.Davies@alletsons.co.uk.

Information we may collect from you

We will ask you for personal data only when it is needed to provide services you have enquired about, or asked us to provide, or to respond to your requests for information. This Data Privacy Notice is only intended for clients and prospective clients. 

Typically we will need:

• Your Full Name;

• Your Date of Birth;

• Your Address;

• Your E-mail Address;

• Your Telephone Numbers

And if a transaction is involved your:

• Your Bank Account Details;

• Source of Funds and supporting documentation.

We may also ask you about medical or other information of a sensitive nature if this information is required to carry out your work.

To comply with our legal obligations under the Anti-Money Laundering Regulations we are required to verify your identity and we are likely to ask you to provide copies of identification documentation and respond to any queries we may have.

If you are unable to provide us with this information we may have to carry out an online search to assist us in verifying your identity. Whilst we appreciate that these requests can be intrusive we are unable to continue with your matter until we have verified your identity. Once your matter has been concluded your personal data will be destroyed in line with our archiving procedure.

Individuals under 16

As the nature of our work means that we are not usually instructed directly by individuals under 16 but through their parents or legal guardians, if you are an individual under 16 and require further explanation or advice about the way in which we would use your data, please contact Ben Davies who will be able to assist you.

How we collect this information  

• You may volunteer to give us information about you by completing instruction forms or by corresponding with us by phone, e-mail or otherwise. 

• Through the provision of legal services to you.

• You must have Authority to disclose personal data if it relates to someone else and all the data disclosed should be accurate and up-to-date.

• We may receive information from third parties in order to allow us to carry out work on your behalf. These organisations are typically, but not limited to, the following:-

          • Estate Agents;

          • Mortgage Lenders;

          • Organisations who have referred work to us;

          • Other professional firms such as Accountants.

Categories of Personal Data Held

At Alletsons, we will always aim to keep requests for information to the minimum level required to carry out your matter. The types of personal data that we may collect include, but is not limited to, the following:

• Contact Details (Names, Address etc);

• Professional Information such as Job Titles, Professional Experience and Qualifications;

• Technical Information – when visiting our website we may record details about your visit, including Internet protocol (IP) address used to connect your computer to the internet, browser type and version, time zone setting, operating systems and platform. Information about your visit may include the full Uniform Resources Locator (URL), clickstream to, through and from our site (including date and time); products you viewed or searched for, page response times, length of visit.

Any information automatically retrieved from the website will be used primarily in aggregate form, so that no individual users are identified. For more information please see our Cookie Policy.

Depending on the work you have asked us to carry out we may be required to ask for more sensitive personal data to include:-

• Religious beliefs or Philosophical Beliefs;

• Racial or Ethnic Origin;

• Sex Life and Sexual Orientation;

• Political Opinions;

• Physical or Mental Health or Condition;

• Genetic Data;

• Biometric Data used to uniquely identify an individual;

• Details of offences and related proceedings.

We may need to share this information, in certain cases, with third parties, such as medical professionals, Local Authorities. This is only done when there are safeguards in place to ensure that the information remains confidential and secure.

Use of the Personal Data Held

Our main reason for requesting personal data is to allow us to carry out the work you have instructed us to complete.

Your personal data may be used for:

• Verifying your identity to satisfy the Anti-Money Laundering Regulations;

• Establishing the source of funding for the transaction you have asked us to carry out;

• It may be necessary where a third party or family member is providing the funding that we request personal data from them, once provided to us this will be subject to the terms of this Data Privacy Policy;

• Communicating with you during the course of the transaction;

• Providing you with advice, preparing documentation on your behalf; completing transactions; Dealing with your enquiries and requests;

• Keeping financial records of your transactions and transactions we make on your behalf. We do not store card payment details on your file;

• Seeking advice from third parties in connection with your matter;

• Assisting you with completing the funding application if it involves Legal Aid;

• Responding to any allegation of negligence of complaint made against us;

• Internal and Compliance Management:

          • Monitoring Sources of New Work and New Enquiries;

          • Storage and Archiving of Files, Wills and Deeds; 

          • Marketing and Cross-Selling Purposes;

          • Feedback and Improvements to our services.

Disclosure of Data

During the course of your matter it is inevitable that we will need to disclose some information outside of Alletsons, but these disclosures are only made when required in your transaction. Examples include:

• Courts;

• Solicitors acting on behalf of the other side;

• HM Land Registry in property transactions;

• Counsels to obtain further Advice and assistance in your matter;

• Bank or Building Societies or other lending organisation;

• Solicitors Regulation Authority; Legal Ombudsmen;

• Legal Aid Agency;

• Auditors in relation to SQM, Lexcel or any other Quality Marks;

• Any disclosure required by law in particular in relation to the prevention of financial crime and terrorism.

There are some uses of personal data which require your specific consent and we will contact you to explain what they are and also ask for your consent should the need arise during your matter. You are free to withdraw your consent at any time.

Sharing of Data

We will not share your personal information with any third party unless the needs arises during the course of the matter. Data may be shared to complete your legal work and as required by law. As your information will be stored on our computer network, it may be shared with your system maintenance (currently Hosted Accountants) for fault diagnostics but we will take all the necessary steps to protect your data should third party access be required. We will never sell your personal information to third parties.

Where we store your Personal Data

Data transferred outside of the EEA

Where possible your personal information will be processed within the EEA. However, for reasons described above we may need to disclose your data to organisations physically located outside of the EEA. Should this be necessary, the same high level of security precautions will be employed to keep your personal information safe.

Internet

Given that the internet is a global environment, using the internet to collect and process personal information necessarily involves the transmission of information on an international basis. Therefore, by browsing our website and communicating electronically with us, you acknowledge and agree to our processing of personal information in this way. The transmission of information via the internet is not completely secure. Although we do our best to protect personal information, we cannot guarantee the security of your information transmitted to this website, any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.

Our website may, from time to time, contain links to other websites which are outside of our control and not covered by this Privacy Policy. We do not accept responsibility or liability for other sites’ Privacy Policies. If you access other websites using the links provided, please check their policies before submitting any personal information.

How long will we keep your personal data for?

Data may be held on our computers or in manual files. It is our policy to only retain the data for as long as it is needed to:

• Carry your instructions;

• Be required by law to be kept;

• Until the period that you could make a claim against us has elapsed, normally seven years after the conclusion of the matter, or in the case of matters involving children until their 25th birthday?

• For the duration of any Trust, plus a further six years;

• Wills and associated documents are kept indefinitely (can be kept for 75 years from the date the Will was signed).

• Probate matters where there is a surviving spouse or civil partner, are retained until the survivor has died in order to deal with the transferrable inheritance tax allowance;

• Deeds relating to unregistered property are kept identifineity as evidence of ownership;

• Comply with any specific client requests to retain their data over and above our retention periods.

Information obtained from prospective clients are retained for a period of six months to allow for the provision of quotes or any subsequent follow up work.

Data Protection and Security

We have policies and procedures in place to protect your data from accidental and unlawful destruction, loss, alteration, unauthorised disclosure. All of our members of staff who have access to your data have been trained to look after your confidential data in our possession.

Inaccurate Information 

If you think any of the information that we hold about you is incorrect or incomplete, please let us know as soon as possible so that we can update our records.

Access to Information 

Under the General Data Protection Regulations (UK GDPR) you are entitled to request access to a copy of any personal data that we hold in respect of you. This is known as a “Subject Access Request”. Subject Access Requests can be made in any format, but to assist you we have prepared a form which you can complete and return to us. It is not a necessity that this form is completed. You will be asked to verify your identity. 

Please make your request to Anna Upham at 8 Castle Street, Bridgwater, Somerset TA6 3DB or via e-mail annaupham@alletsons.co.uk.   

A Subject Access Request entitles you to a copy of the personal data we hold on you. As the focus of the request relates to your data it is normally your name, address, contact telephone numbers, e-mail addresses, date of birth etc and will not be the whole file of papers relating to the transaction. You can request a copy of your file, or indeed the original – there may be a cost involved in this – speak to the directors. 

What happens if I do not want Alletsons to use my personal data?

The UK GDPR provides individuals with various rights:

• The right to be informed;

• The right of access to your data;

• The right to rectification;

• The right to erasure of your data, the right to be “forgotten”.

• The right to object to specific types of processing;

• The right to data portability;

• The right to restrict processing.

Depending on the nature of the request, Alletsons will comply with it to the fullest extent possible. In some cases, this may mean that we are unable to continue to act for you, you would remain liable for any costs and disbursements incurred in respect of the work we had carried out. 

In certain circumstances you may be able to ask for restrictions to be placed on the processing of your data or to exercise your right to be forgotten. Placing a restriction on your data may mean that we could continue to store your personal information but could not do anything with it. This might be relevant to you if you had any query or concern over the way your data was handled. A right to be forgotten would usually apply if data is processed unlawfully or otherwise fails to satisfy the requirement of the General Data Protection Regulations.

Complaints about the use of your personal data

If you have any concerns or complaints about the way Alletsons processes your data please contact Anjam Arif. Anjam is our Complaints Officer and he will acknowledge your complaint and reply to you. If you are still not satisfied with the response, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website www.ico.org.uk. Alternatively, you may contact the Legal Ombudsman on 0300 555 0333 or www.legalombudsman.org.uk .

Amendments to our Data Privacy Notice

We will advise you of any material changes to our Data Privacy Notice in a timely manner. The policy will be reviewed on an annual basis.