Kendal: 01539 720629

Privacy Policy

This privacy policy will explain how our organisation uses the personal data we collect from you when you use our website. On signature of our Terms of Business you consent to us holding your personal data. GDPR is a positive step towards how your data is used and how you are contacted by us. At 11 p.m. on the 31st December 2020 EU GDPR shall no longer apply to personal data held or processed within the UK. UK GDPR will apply to all data from the aforementioned date. They are essentially the same as the EU GDPR and the following rights below continue to apply. We confirm we do not normally hold your data outside the UK. If we do, we shall ensure there are sufficient adequacy arrangements or safeguards in place to protect your rights.

How will we use your data?

Lawful basis for the processing of your data

Use of Personal Data	Our reason and justification for processing	Legitimate Business Interest
Opening, progressing, closing, archiving and storing a matter / case file	Contract Legitimate Interest Legal Obligation	Fulfilling your instructions (the retainer) Complying with regulations and the law.
Direct marketing to you	Legitimate Interest	Keeping our records up to date, working out which of our products and services may interest you or telling you about them. Providing information on changes in the law and inviting you to contact us for advice.
To make and manage client payments. To manage fees, charges and interest due to clients. To collect and recover money that is owed to us.	Contract Legitimate Interest Legal Obligation	Developing and improving how we deal with financial crime including money laundering as well as complying with our legal obligations in this respect. Complying with regulations that apply to us. Being efficient about how we fulfil our legal and contractual duties.
To detect, investigate, report and aim to prevent financial crime. To manage risk for us and our clients To comply with law and regulations that we adhere to. To respond to complaints and aim to resolve them.	Legitimate Interest Legal Obligation	Comply with the SRA Accounts Rules and Code of Conduct and any other regulations which we must adhere to. Being efficient and effective in the running of the practice. To allow external consultants, advisers and auditors to inspect our files.
To exercise our rights and comply with obligations set out in agreements and contracts	Legitimate Interest Legal Obligation	Comply with contractual requirements e.g. for the provision of clients of Public Funding by Public Bodies.
To ensure the business is run in an efficient and effective way including managing the finances, planning, communications, corporate governance and audit.	Legitimate Interest Legal Obligation	Comply with contractual requirements for the provision of Public Funding and by Public Bodies.

What data do we collect?

Subject to the Standards and Regulations of the SRA with regard to client confidentiality we may share your personal data with the parties marked with an asterisk in the table below.

Sources of Data

Data	Source	Purpose
Data provided by you to us to advise or act for you.	You	For us to decide whether to accept our instructions and for us to act for you.
Data you provide to us by letter/email/telephone and other documents	You	For us to decide whether to accept our instructions and for us to act for you.
Data you provide to us when you visit our website, via a messaging service or social media	You	To allow us to deal with your query or request and to contact you if appropriate
Data you provide to us during interviews	You	To allow us to advise and represent you and to communicate with other third parties on your behalf (other side solicitors and experts)
Data you give us in client questionnaires	You	To allow us to improve our clients experience and respond to any matters of concern or which you bring to our attention.
Data provide to us by referrers and introducers *	Referrers	To allow us to contact you to enable us to decide whether to accept your instructions and agree to progress your matter
Fraud Prevention Agencies *	Agency	To allow us to comply with regulations and the law and to undertake client due diligence checks.
Estate Agents *	Agents	To allow us to act on your behalf in relation to a land transaction.
Other Solicitors *	Solicitors Firms	We shall exchange information to allow us to progress the matter and advise you accordingly.
Public Bodies *	HMRC, HM Treasury, Local Authority, Land Registry, Probate Registry, Legal Aid Agency, Police, CPS, HMCTS and other government departments this list is not exhaustive.	To allow us to advise you and progress your matter. To aim to prevent fraud and money laundering.
GP or other medical professional *	Doctor	If we require appropriate medical reports
The Legal Aid Agency *	LAA	Due to our contractual obligations we shall receive shared data from the LAA if your matter is funded by legal aid.

We do not use automated decision-making systems. All decisions are made by a person.

Consent

Consent UK GDPR in some cases requires us to obtain your explicit consent

(a) the racial or ethnic origin of the data subject,

b) political opinions,

(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

(e) physical or mental health or condition,

(f) sexual life,

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

Where acting for you involves us processing the data listed above we shall seek your explicit consent e.g. when we plan to obtain your medical records. You have the right to withdraw your consent by contacting us as stated above. However, if you do so then we may not be able to progress you case or continue to act for you.

How do we store your data?

Our business securely stores your data at our offices 2 Castle Hill, Lancaster LA1 1YR (head office) and Grosvenor House, Stramongate, Kendal LA9 4BD (branch office) and on our computer server at the aforementioned head office address.
Our business will keep your data for the purposes of the Solicitors Regulation Authority compliance which is as follows:
All files/data is destroyed after 6 years apart from Will files and Power of Attorney files which are kept during the client’s lifetime and will be destroyed 6 years after a client’s death. We shall retain your personal data for 5 years in line with the ICO regulations.
Once this time period has expired, we will delete your data by confidential shredding of your complete file and any associated documentation held on file.
Firewalls are installed on our computer server to ensure that any information is secure from threats from trojans and viruses. Cyber Essentials Certification (audited annually), and is continually updated with latest security patches to ensure compliance and limit the risk of data being infiltrated by hackers.

Marketing

Our business would like to send you information about products and services.

In the event that you would like to receive marketing material from us, then please sign and return the form which is sent out with our terms of business advising of your consent for us to do so.
If you have agreed to receive marketing, you may always opt out at a later date.
You have the right at any time to request that Holdens cease contacting you for marketing purposes.
If you no longer wish to be contacted for marketing purposes, please advise us in writing.

What are your data protection rights?

Our Business would like to make sure you are fully aware of all of your data protection rights.

Every client is entitled to the following:

The right to access - You have the right to request for copies of your personal data. We may charge you a small fee for this service.
The right to rectification - You have the right to request that Holdens correct any information you believe is inaccurate. You also have the right to request Holdens to
complete information you believe is incomplete.

If you do not agree to us processing your personal data then this will cause delays and we may be unable to act for you in the course of your matter.

Special Categories and Criminal Convictions Data

Further to our lawful basis for processing personal data we rely on further conditions contained within the Data Protection Act 2018 (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.)(EU Exit) Regulations 2019 and 2020) for processing these types of data.

These conditions are contained in Schedule 1, Part 3 of the Act. The primary condition we rely on is known as “legal claims” where; This condition is met if the processing -

a) is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), (b) is necessary for the purpose of obtaining legal advice, or (c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights We would normally also rely on another condition in Schedule 1, Part 3 of the Act known as “consent” where, due to the nature of these types of data we would obtain your consent prior to processing them. If our reason for processing data is in connection with the Schedule 1, Part 2 of the Act, condition 18, safeguarding of individuals and children at risk. This is because the processing will be necessary for the purposes of; (a) protecting an individual from neglect or physical, mental or emotional harm, or (b) protecting the physical, mental or emotional well-being of an individual, In this condition; (a) in the circumstances, consent to the processing cannot be given by the data subject; (b) in the circumstances, we cannot reasonably be expected to obtain the consent of the data subject to the processing; (c) the processing must be carried out without the consent of the data subject because obtaining the consent of the data subject would prejudice the provision of the protection Also, due to the nature of these data types, we comply with Schedule 1, Part 4 of the Data Protection Act which requires us to have an appropriate written policy explaining our security procedures, and data retention periods and we are required to retain this policy document and produce it to the Information Commissioner on request.

The right to erasure

You have the right to request that Holdens erase your personal data, under certain conditions.
The right to restrict processing - You have the right to request that Holdens restrict the processing of your personal data, under certain conditions.
The right to object to processing - You have the right to object to Holdens processing of your personal data, under certain conditions.
The right to data portability - You have the right to request that Holdens transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: advice@holdenslaw.com

Call us at: 01524 35945

Or write to us: 2 Castle Hill, Lancaster LA1 1YR