Understanding the General Data Protection Regulations (GDPR)
The GDPR is the biggest change to data privacy laws in the last 20 years and came into effect on the 25th May 2018. The regulation is focussed on you the individual and how your data is used and processed. It is important we let you know of the rights you have under the regulations and these are described below.
How the law protects you.
The GDPR says we are allowed to use your personal information only if we have a proper reason to do so, the law says we must have one of the following reasons;
- To fulfil a contract we have with you.
- When it is our legal duty.
- When it is our legitimate interest.
- When you consent to it.
We process data from clients and non clients for all of the above reasons. A legitimate interest is when we have a business or commercial reason to use your information including but not limited to internal administrative purposes, enhancing and improving our business, product development and preventing fraud.
How do we collect your data?
Collection methods are;
- Through our website.
- From interactions with you whether over the phone, in person, in writing or through our website and emails.
- From third parties such as a corporate partner which has referred your details onto us in order that we may provide you a service or from another law firm which has asked us to look after you documents.
- Through recruitment channels, responses to job advertisements or apprenticeship schemes.
What information do we collect about you?
We process both personal and special category data. Personal data we process may include name, address, date of birth, email address and telephone numbers. It may also include an IP address and cookies if you visit our website. The nature of our business means we also collect special category data such as health data and biometric data (passports for identification and verification purposes as required by law) so we can give the most accurate and up to date legal advice.
How will this be used?
We will use your personal data in the following ways;
- To provide you with information, products or services which you request from us or we feel may be interest and beneficial to you or you need to know.
- To carry out, or seek to carry out, work on your behalf arising from any contract entered into by us and you and fulfil our responsibility to you which is to ensure your legal documents are up to date.
- To communicate with you to let you know we hold legal documentation of yours.
- To notify you of any changes to our services.
- For recruitment and employment purposes.
- For training and monitoring purposes.
Will we share your data with anyone else?
We may share your personal data with;
- Other law firms that deliver the Rightwill service and only with your permission. We work with Partner firms across the country in order to provide a service nationally.
- Third party service providers (data processors) to supply and support our services to you. We only use data processors that we have done necessary due diligence with and have written agreements in place with. This means they cannot do anything with your personal data unless we have instructed them to do so, they cannot share it with anyone else and they will hold it securely and retain it as we request. Examples of our data processors are our IT company and will storage facility.
How long will you keep my data?
Under the GDPR and our professional regulator, the Solicitors Regulation Authority, we have to have a data retention policy. We will retain your data for no longer than necessary in accordance with the regulations.
What are my rights?
As well as our obligations and commitment to respect the privacy of your information you also have certain rights in relation to the personal information we hold about you which are outlined below. None of these are absolute and are subject to various exceptions and limitations.
The right of access – you are entitled to request a copy of the personal information we hold about you.
The right to object – in relation to direct marketing or profiling you have the right to object to us processing.
The right of rectification – if you let us know the information we hold about you is incorrect or has been updated we have an obligation to correct it.
The right to be forgotten – you can ask us to delete your data when it is no longer required for a legitimate business need, legal or regulatory obligations or for the purpose it was collected for.
The right to restrict – you have a right to ask us to limit the way we process your data.
The right to data portability – if when you gave us data it was collected electronically you can request the data we hold about you in a commonly used machine readable format.
Rights in relation to automatic decision making or profiling – we do not use automatic decision making or profiling in our business.
How to contact us
Right Legal Group Limited are in different areas of the business both the Data Controller and the Data Processor. In both situations we have obligations under GDPR. If you have any specific concerns about the privacy of your personal data or require further information about how we manage your personal data please get in touch with us directly on the details below. Our Data Protection Officer is Elizabeth Ward.
By post: 16 Stanier Way, Wyvern Business Park, Derby, DE216BF
By email: firstname.lastname@example.org
By phone: 01332 424511
If you wish to complain
We hope that you do not have cause to make a complaint but if you do please raise any complaint directly with us in the first instance using the contact details above. If you are not satisfied with the way we handle your complaint you are entitled to raise a complaint directly with the Information Commissioners Office via the details available on their website www.ico.org.uk