When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as 'controller' of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
It would be helpful to start by explaining some key terms used in this policy:
|We, us, our||Bowles & Co Solicitors LLP, trading as Bowles & Co|
|GDPR & Data Protection Liaison Partner||Sarah Lambert|
|Personal data||Any information relating to an identified or identifiable individual|
|Special category personal data||
The table below sets out the personal data we will or may collect in the course of advising and/or acting for you.
|Personal data we will collect||Personal data we may collect depending on why you have instructed us|
We have a legitimate interest in processing this data as well as a legal obligation in relation to some of it, we may also request it in order to enable us to provide our services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you. It is your obligation to ensure you keep us informed of the accuracy of all relevant data.
We collect most of this information from you. However, we may also collect information:
Under data protection law, we can only use your personal data if we have a proper reason for doing so, eg:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal data for, our reasons for doing so and why the law allows this:
|What we use your personal data for||Our reasons|
|To provide legal services to you (including an initial conflict of interest check)||For the performance of our contract with you or to take steps at your request before entering into a contract|
||To comply with our legal and regulatory obligations|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies such as the SRA, Law Society, HMRC, courts and/or law enforcement agencies||To comply with our legal and regulatory obligations|
|Ensuring business policies are adhered to, eg privacy, data protection, AML and counter terrorist financing and policies covering security and internet use||To comply with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, ie to make sure we are following our own internal procedures so we can deliver the best service to you|
|Operational reasons, such as improving efficiency, training and quality control and practical matters such as document storage on or off site||To comply with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, ie to be as efficient as we can so we can deliver the best service for you at the best price|
|Ensuring the confidentiality of commercially sensitive information||To comply with our contractual obligations, legal and regulatory requirements as well as for our legitimate interests or those of a third party, ie to protect our intellectual property and other commercially valuable information|
|Statistical analysis to help us manage our practice||For our legitimate interests or those of a third party|
|Updating client records||
|Statutory and regulatory returns eg to HMRC, SRA and/or our Professional Indemnity Insurers||To comply with our contractual obligations, legal and regulatory obligations|
|Ensuring safe working practices, staff administration and assessments||
|Credit reference checks via external credit reference agencies||For our legitimate interests or a those of a third party, ie for credit control|
|External audits and quality checks, eg for CQS||
The above table does not apply to special category personal data (see Key Terms), which we will only process with your explicit consent in accordance with the legal requirements relating to consent in such circumstances.
We may share personal data with:
We try to ensure that our service providers handle your personal data on the basis that they take appropriate measures to protect your personal data.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers (or their agents) of some or all of our business or during a re-structuring. The recipient of the information will be bound by confidentiality obligations.
Information may be held at our offices (or off site) by third party agencies, service providers, representatives and agents as described above (see 'Who we share your personal data with').
Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: 'Transferring your personal data out of the EEA'.
We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data.
When it is no longer necessary to retain your personal data, we will delete, destroy or anonymise it.
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA), eg:
These transfers are subject to special rules under European and UK data protection law.
|Type of Record||Retention Period|
|Access, known as a Subject Access Request||The right to be provided with a copy of your personal data in accordance with the provisions of the law which you can reference on the ICO website|
|Rectification||The right to require us to correct any mistakes in your personal data. We rely on you to inform us in the first instance of any amendments to your data that are required|
|To be forgotten||The right to require us to delete your personal data in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal data in certain circumstances, eg if you contest the accuracy of the data|
|Data portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations|
|Withdraw consent||At any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent|
The right to object:
|All Other Investments and Protection||The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you|
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the General Data Protection Regulation https://ico.org.uk
If you would like to exercise any of those rights, please:
We seek to use appropriate technical and organisational measures to:
We hope that we can assist you with any query or concern you may raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
Our contact details are shown below:
Bowles & Co Solicitors
18 Church Street
Surrey KT17 4QD
Tel: 01372 725241
GDPR & Data Protection Liaison Officer
Bowles & Co Solicitors
18 Church Street
Surrey KT17 4QD
Tel: 01372 725241