Goodman Ray Solicitors LLP (GR) ( ‘we’, ‘us’) respects the privacy and legal rights of the individuals and organisations we deal with.
This Privacy Notice (‘the Notice’) provides information about how we collect, store and use data from our clients and the persons and organisations we deal with when providing services and administering our business.
For the purposes of the Data Protection Act 2018 (‘DPA 2018’) and the General Data Protection Regulations (‘GDPR’), the Data Controller in respect of any data controlled by the firm is Goodman Ray Solicitors LLP registered under company number OC382130. Our registered address is Francis Barber House, 9 Gough Square, London, EC4A 3DG. We are authorised and regulated by the Solicitors Regulation Authority (SRA) and our SRA number is 592367. Our registration number with the Information Commissioner is Z5059567.
This policy may occasionally change, and the latest version may be found on our website.
Your Personal Data
‘Personal Data’ means any information relating to an identifiable person who can be directly or indirectly identified by data held by us. The DPA and GDPR regulate our use of your personal data. We may obtain personal data from you on a contractual basis when you provide information via our website, when you contact us by telephone, visit our offices or when you correspond with us; or we may obtain personal data from other legal professionals or other parties in the course of our business.
We ask for personal data in order to ensure that we can deliver our services and obligations to you and meet our regulatory requirements. It is important that the personal data we hold about you is accurate and current. Please keep us informed if the personal data we hold about you changes.
We will not collect personal data from you that we do not need other than to provide our services to you. The personal data that we process includes:
- Basic data, such as your name (including prefix or title), the company you work for, your title or position and your relationship to a person;
- Contact data, such as your postal address, email address and phone number;
- Financial data, such as payment-related information;
- Identification and background data provided by you or collected as part of our business acceptance, employment or recruitment processes;
- Technical data, such as data from your visits to our website or in relation to materials and communications we send to you electronically;
- Data you provide to us for the purposes of attending meetings and events, including access and dietary requirements;
Sources of information
We may obtain information about you from a range of sources. This could include it being provided (not exclusively):
- by you (or by a named representative);
- by third parties to allow us to undertake legal work on your behalf, such as:
- Banks / building societies;
- Experts and independent financial advisors;
- Solicitors acting for the other side;
- Medical or financial institutions;
- by monitoring our technology tools and services, such as our websites and email comminutions;
- by using publicly available sources.
Who your personal data may be shared with
Access to your personal data may be given to employees, contractors or agents of GR solely for the purpose of performing their duties or contractual responsibilities to you and not in a way which is incompatible with the purpose for which we obtained the data. In providing clients with legal services, it may be necessary for us to share your personal data with other people, service providers and organisations. In addition, we may share your data to protect your or our legal rights, or because we are required to by law or by the SRA. This may involve the transfer to a country outside the European Economic Area (EEA) where a party, or an asset, subject to proceedings is located outside the EEA and also the Information Commissioner’s Office (ICO), the Legal Aid Agency and organisations involved with the preparation, assessment and certification of quality standards for which our firm is seeking or maintaining accreditation.
We may disclose your personal data to the police, regulatory bodies, legal advisors or similar third parties where we are under a legal duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our agreements; or to protect our rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Storage of data
Data may be stored both in electronic and physical files. Depending on what the information is stored for, it may be held for differing lengths of time.
Data may be stored for as long as is necessary to deliver our services to you and to avoid potential conflicts of interest in the future. This is typically for a minimum of seven years from the conclusion of your legal work, or six years after the client has attained the age of 18 years, in the event that we need to re-open your matter for any reason. In some matters certain documents and information may be kept for significantly longer (16+ years), for instance on some financial orders and maintenance agreements.
Data may be stored for a period for a minimum of one year in respect of those who make an enquiry with, but do not instruct GR.
Once we no longer have to store your information in accordance with the above, it will be destroyed.
Security of your personal data
Your data will be held on secure cloud-based servers within the UK.
Information you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. We use a range of IT security solutions to support this including off site backups, data encryption, log in protection and anti malware or phishing software. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our Site; any transmission is at your own risk.
We may contact you for the purposes of marketing and updating you on latest developments.
This means that we may use your personal data to send you updates about legal developments that might be of interest and relevant to your case, or to invite you to events we are running.
The direct marketing channels that we use include social media channels, email or post. We will never send marketing communications via SMS or call you without your specific consent; nor do we ever pass on or sell your details to a third party for marketing purposes.
We may collect your personal information for marketing in a number of ways, including:
- At the end of your matter we will ask if you would like to receive such communications and updates
- Sign-up to receive our newsletter
- Submitting an enquiry via our website
- Following our social media channels
- Responses to surveys.
When we do collect data you will be provided the opportunity to “opt in” to receiving marketing data from us. You also have the right to opt out of this at any time by simply using the unsubscribe link on emails, contacting our Data Protection Office or telling the person in our firm whom you are dealing with at the time.
We hope you will provide this information and that you find our communications useful, but if you choose not to, this will have no effect on accessing our legal services.
Please note that once unsubscribed, you may still receive transactional emails from us regarding your legal case.
If you are not our client or a prospective client
If you are not our client your personal data may be processed to enable us to provide legal advice to our client and may also be used in legal proceedings on behalf of our client. We are allowed to use your personal data because it is in the legitimate interests of our client (for example under the terms and conditions of a loan agreement) to do so. We may also have to use your personal data to comply with our own legal and regulatory obligations.
How we may use your data
Under the GDPR 2018 regulations we have the right to use your personal data for legitimate business interests. This might include:
- Managing our relationship with you and our clients
- Anti money laundering and fraud prevention
- Direct marketing and updates
- Managing network in IT security
- Data analysis and to improve our services
- Understanding trends in our sector
- Fulfil legal, regulatory and risk management obligations
You have the right to object to this processing. Should you wish to do so please contact our Data Protection Officer via our main office number and email.
Your Rights in respect of the Personal Data we process
The GPDR provides for the following rights in relation to your personal data:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling (GR does not, however, use automated decision making).
The GDPR (General Data Protection Regulations) 2018 entitle you to request a copy of your personal data. This is known as a “Subject Access Request”. If you wish to make such a request please do so in writing to our Practice Manager, or speak directly to the person in our firm who is dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the personal data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. This means that a Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.
You have the right to request that personal data that we hold on you is deleted or transferred to a third party and we have a duty to acknowledge these requests. They should be submitted in writing to our Practice Manager. However please note that our response will be subject to our other legal and regulatory duties. We may request specific information from you to help us confirm your identity. Data protection legislation may allow or require us to refuse to provide you with access to some or all the personal data that we hold about you or to comply with any requests made in accordance with your rights referred to above. If we cannot provide you with access to your personal data, or process any other request we receive, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
If you wish to exercise any of the above rights, please contact: The Data Protection Officer at the registered address above or via email firstname.lastname@example.org. There is no charge for exercising your right of access but we may make a charge if additional copies are requested.
If you have any questions about this Notice or have a complaint about how we have processed your data, please contact us on the address above so we may investigate your complaint. We will investigate any complaint or potential complaint in line with our complaints policy. You also have the right to contact the ICO via www.ico.org.uk/concerns/ or on their helpline 0303 123 1113 if you are not satisfied with our response or the manner in which we are holding your personal data.