Rothera Sharp Privacy Information Policy
Rothera Sharp are a firm of Solicitors providing legal services as detailed on our website.
We are a data controller (see contact details below). This means we decide how your personal data is processed and for what purposes.
Rothera Sharp has created this Privacy Information Policy because we take your privacy very seriously. We always treat any personal details you give us as confidential.
The policy sets out who we are, what information we collect from you, how we use it and your data rights.
We are committed to being transparent about how we handle your personal information, to protecting the privacy and security of your personal information and to meeting our data protection obligations under the General Data Protection Regulation (GDPR) and the forthcoming Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information during and after your working relationship with us. We are required under the GDPR to notify you of the information contained in this privacy notice. This privacy notice applies to all current and former clients, those who make enquiries of us, current and former employees, workers and contractors.
Data Protection Principles
Under the GDPR, there are six data protection principles that Rothera Sharp must comply with. These provide that the personal information we hold about you must be:-
- Processed lawfully, fairly and in a transparent manner.
- Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to those purposes.
- Accurate and, where necessary, kept up-to-date.
- Kept in a form which permits your identification for no longer than is necessary for those purposes.
- Processed in a way that ensures appropriate security of the data.
We are responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
“What is personal data?”
Personal data relates to any living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Personal data can be anything from a name, date of birth, address (including IP address), National Insurance number, sex, to medical records, to information retained by us on a file.
Our basis for processing your personal data
Our legal basis for collecting and storing your personal data is to provide legal advice and our right to retain that data is on the grounds of legitimate interest which is to establish, exercise or defend our legal rights in the event of any claim arising in relation to the legal advice provided.
How do we store your data?
Electronic client data will be stored in our File Management System called SOS Connect. This contains all file details including personal data, letters, documents, emails, and ledgers. This is situated within the European Economic Area (EEA). We meet our obligations by keeping all personal data up-to-date.
Paper based data is kept on files at the office where the work is carried out and kept secure in lockable filing cabinets.
How do we protect your data?
All paper and electronic data is stored securely and also destroyed securely. We protect personal data from loss, misuse, unauthorised use and disclosure with appropriate policies and internal training and technical measures in place to protect personal data which is underpinned by a Data Protection Policy.
As regards electronic data, our servers are stored in a secure room on site. We operate a secure networked MPLS environment with built-in firewall protection, and additional protection is administered by Sophos.
Destruction of data
Paper waste is destroyed on site and this is carried out by a third party confidential waste company.
Paper files archived off site are destroyed securely by the hosting third party company.
If you provide personal data about yourself or your company when using our website, it will only be used to give an answer to your enquiry. The personal data collected will be limited to what we need to satisfy ourselves that this is a genuine enquiry and to answer that enquiry.
The personal data in relation to that enquiry will be retained on our File Management System for 6 years prior to destruction. It will be retained for that period on the grounds that we have a legitimate interest to do so; namely, to establish, exercise or defend our legal rights arising out of any advice given.
We do not share your personal data with any third party except where necessary to answer a query raised by you. If we need to communicate with a third party to deal with your enquiry we will request your written consent to do so. However, if we are formally instructed by you to act this will be governed by our Terms of Business (please see hereafter).
Clients (lawful processing)
Rothera Sharp will process your personal data for the purposes of and so long as we are instructed by you in relation to a matter in which you have signed a Terms of Business letter and a processing of data form. The legal work undertaken by us will be as detailed in the said Terms of Business letter with which we also provide a Terms of Business and Service Commitments Leaflet which details our obligations of confidentiality, your data protection rights and our need to share information with third parties as appropriate in representing your interests.
File opening/client identity verification
As part of our file opening procedure in accordance with our Terms of Business and Service Commitments and when the client care letter has been signed, we validate the name, address and other personal information supplied by the client against appropriate 3rd party databases. We use Experian to carry out the check. Experian may use any database (public or otherwise) to which it has access in order to carry out the relevant verification service, and a specific (non-credit) footprint is left as a result.
If you want to know more about Experian’s ID & F Information Notice please follow this link.
Communicating with third parties for clients
From time to time we may need to share your personal data with a third party to ensure that your legal interests are appropriately represented. You will be informed at the time when this is happening, but examples of the provision of personal data to third parties include instructing barristers, instructing costs draftsmen, instructing experts and submitting claims to the Courts and through online portals. All third parties with whom we will have dealings will be required to provide satisfactory evidence that they will ensure that your personal data is kept secure.
Personal data retention policy for clients
We reserve the right to retain file records and data where we have acted for you for the necessary establishment, exercise or defence of any possible legal claim against the firm. The relevant periods for which the file will be retained prior to destruction (both paper and electronic) are:-
Conveyancing purchases – 15 years
Family cases – 15 years
Children cases – 15 years
Trusts – 15 years
Wills/Enduring Powers of Attorney – never destroyed
All other matters – 6 years
Storage of Deeds
Rothera Sharp will retain deeds in our deeds storage system at your request and retain them until asked to release them to you.
Storage of Wills
Rothera Sharp will retain Wills in our wills storage system at your request and retain them until asked to release them to you.
For individuals who attend either Rothera Sharp events or other events as our guests, we have their express informed consent to hold their relevant personal data and they are advised of the right to withdraw their consent at any time. This is carried out by what is called “Double Opt-in”.
Clients are only sent information about services that we provide where they specifically request us to do so when completing a client satisfaction questionnaire and thereafter we do not provide further information from time to time unless we have their express informed consent to do so.
We produce a newsletter called “Keep me on the Road” which is made available to a group of clients and contacts who operate in the Road Haulage and Road Transport field and our basis for retaining their data for this purpose is on the grounds of legitimate interest.
Marketing data is managed with the use of a third-party data processor called Mailchimp. This is subject to a data processing service agreement for users within the EEA.
Marketing data retention policy
We retain personal data in accordance with express consent subject to review every 12 months.
Client satisfaction questionnaires are only retained for 6 months from receipt and then securely destroyed.
Employees and former employees
Rothera Sharp has a separate privacy notice for employees which by way of illustration details the types of personal information we collect, how we collect it, and why and how we use personal information. This separate notice is available to all existing employees internally and is available on request to former employees.
Any paper data is retained in lockable filing cabinets in a secure room. Electronic data is stored on People HR, which is a cloud-based Portal and hosted within the EEA.
Retention of employee data
This data is retained for 6 years from the date of leaving our employment and is then securely destroyed. Payroll data is retained for 3 years prior to destruction. Specific medical related data may be held longer, for a period of 40 years.
Retention of applicants’ data
This data for applicants who apply for employment with Rothera Sharp is retained for 3 months and then is securely destroyed.
Your Rights and Your Personal Data
You have the right to request a copy of your personal data by way of what is known as a Data Subject Access Request (DSAR). In most circumstances this will be provided free of charge.
Our DSAR Policy can be read by following this link and is available on our website. This also details other statutory rights as regards your personal data, which are for the avoidance of any doubt, the right to rectification, the right to erasure (“right to be forgotten”), erasure of children’s personal data, the right to restrict processing, the right to portability and the right to object to processing.
Breach of your data rights
If you have reason to believe that you have been subject to a breach of your personal data rights please contact our Data Protection Team (details hereafter). We have a policy and procedures to deal with any potential breach of data.
A cookie is a small file which asks for permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Cookies help to provide you with a better website and service, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you taking full advantage of the Rothera Sharp website.
For more information about cookies please see our separate Cookies page on our website.
To exercise all your statutory rights, queries, or complaints about how we have processed your personal data please contact in the first instance the Data Protection Team at 2 Kayes Walk, Stoney Street, The Lace Market, Nottingham, NG1 1PZ or by email at firstname.lastname@example.org or by ringing our main line number on 0115 9100600 and asking to speak with Mr Charles George, Mr Richard Hammond or Mr Richard Bates.
Lodging a complaint with the ICO
You have the right to contact the Information Commissioner’s Office (ICO) on 03031231113 or via email at https://ico.org.uk/global/contact-us/email or at the ICO’s office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
If we wish to use your personal data for a new purpose, which is not covered by this Privacy Information Policy we will provide you with a new notice explaining the new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Changes to Privacy Information Policy
By using this website you consent to the collection and use of any personal information in the manner set out above.
21 May 2018