We are required to comply with the EU General Data Protection Regulation (GDPR), which gives you extensive rights. These rights help you ensure that information relating to you as an identifiable individual is correct, is used only appropriately and is available to you on request.
This notice sets out our policies on data privacy and aims to give you clear guidance on these rights.
1. Personal Data
As a firm of solicitors we collect some basic information about you, as our client, in any case. We require your full name and contact details so that we can communicate with you and there is some further information which we have to collect so that we can verify who you are, to comply with legal requirements. We also collect information, of course, so that we know enough to do whatever job you instruct us to do for you and to respond pro-actively if we think we need to do something for you, or discuss something with you, in that light. We carry out our commitments under the contract which you make with our firm by instructing us and, sometimes (although without cost to you, if not within a retainer that you’ve instructed us on at that point), we make contact with you on our own initiative because we think we can help you in some way.
We may collect additional information for related purposes such as to understand you better; or relating to financial arrangements with you; or simply by the fact that someone happens to tell us something about you (whether we asked them to or not).
Of course a lot of the information about you that we hold will have come from you, but we also gather information from searching online databases (such as our electronic identity checks or from Companies House) and we get information from other professional advisers whom we are working with on your behalf.
All that information, wherever it comes from, is your "personal data" under this policy if it is identifiably about you, a specific individual, personally. (If you are a limited company, LLP or other corporate entity, then we owe the same professional obligations but the GDPR protection mostly won’t apply directly, since it’s all about protection of individuals’ data.)
2. Use of Personal Data
There are two grounds for using your personal data:
(a) to enable us to act for you (or prepare to do so); and
(b) in our legitimate interests, to run our business, including for compliance with our legal and regulatory requirements.
We maintain a list of clients and contacts using Microsoft Outlook Contacts. We also maintain an e-mail list on Mailchimp, which we use to send out sporadic newsletters and invitations to seminars. If you receive any communications through Mailchimp you can easily unsubscribe from them.
We do not sell your personal data to anybody else at all and we never will. You are (and always have been, regardless of data protection laws) entitled to expect that we will keep all confidential information which we have about you, totally confidential at all times, using it (and disclosing it) only in the circumstances set out in (a) and (b) above.
Under the GDPR you have particular rights for any "special category" personal data which we hold about you. That means data revealing your racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, any genetic or biometric data and data concerning your health, sex life, or sexual orientation. In the nature of our work we wouldn’t normally handle any such data about you.
If we do hold some, we can use it on your behalf with whatever consent is clear from your instructions to us.
3. Sharing Your Personal Data
In acting for you, we will share personal data with anyone else who, in our view, is necessary and appropriate in your best interests, within the scope of our retainer with you.
Apart from that, we will (with your consent) share information with others only for our legitimate purposes in running our business.
4. Data Retention
We routinely keep all records about our clients, and about our work for them, for at least six (6) years.
We are bound by our regulatory code to do at least that much, both in your interests and for good business practice.
5. Your Personal Data Rights
You can expect us to treat all personal data that we hold about you with all due privacy. Under the GDPR you may also have particular legal rights as follows depending on the type of information, whether we got it from you and what we use it for. In practice these legal rights should be relevant not only if you are our client, since we would be bound to look after our own client in such respects anyway. Those GDPR rights are, briefly, access (free of charge) to such data; to have any mistakes about your data rectified; to be "forgotten" in certain circumstances, by such data being deleted; to restrict our processing of the data; to receive a copy of certain of your personal data from us; and to object in certain circumstances to our using the data.
If ever you think we are failing to comply with your rights, please let us know and tell us why.
You also have a legal right, under the GDPR, to lodge a complaint with the appropriate supervising authority. In the UK that is the Information Commissioner, who may be contacted at https://ico.org.uk/concerns or by phone on 0303 1231113.
The Information Commissioner’s website has further guidance on your legal rights, including under the GDPR, at https://ico.org.uk/your-data-matters
6. Contact Details
JK Walmsley t/a JKW Law, which is owned and operated by John Walmsley, Solicitor (roll no. 160692).
JK Walmsley is a recognised body regulated by The Solicitors Regulation Authority (no. 442359).
JKW Law is a recognised trading name regulated by The Solicitors Regulation Authority (no. 497595).
John Walmsley is the "data controller" for GDPR purposes.
152 City Road
London EC1V 2NX
0203 693 3827
++ 44 203 693 3827