Roy Foreman & Co Solicitors
This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
For the clients of this firm, you should read this notice alongside our general terms and conditions which provide further information on confidentiality, data privacy etc.
This notice does not apply to any websites that may have a link to ours.
Who we are
Data is collected, processed and stored by Roy Foreman & Co. Solicitors, and we are what is known as the ‘data controller’ of the personal information you provide to us.
Roy Foreman & Co. is a partnership, authorised and regulated by the Solicitors Regulation Authority under number 571824.
Our data Protection Officer is Gary Bulbeck who can be contacted by email – email@example.com.
Our website and services are not aimed specifically at children because in legal work children are generally assisted by their parent or guardians. If you are a child and need further advice or explanation about how we would use your data, please email firstname.lastname@example.org.
What we need
The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you.
There are two types of personal data (personal information) that you may provide us:
• Personal data: is general information that you supply about yourself – such as name, address, gender, date of birth, contact details, family details, financial information, business information, education and employment details etc.
• Sensitive personal data: is, by its nature, more sensitive information and may include, physical or mental health details, racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, offences and alleged offences, criminal proceedings, outcomes and sentences, philosophical views, biometric and genetic data.
Sources of Information
Information about you may be obtained from a number of sources; including:
• You may volunteer the information about yourself
• You may provide information relating to someone else – if you have authority to do so
• Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically, these organisations can be:
• The Police and CPS
• Banks or building societies
• Educators and examining bodies
• Business associates
• Panel Providers who allocate legal work to law firms
• Organisation that have referred work to us
• Medical institutions – who provide your personal record/information.
Why we need it
The primary reason for asking you to provide us with your personal data, it to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.
The following are some examples, although not exhaustive, of what we may use your information for:
• Verifying your identity
• Verifying source of funds
• Communicating with you
• To establish funding of your matter or transaction
• Processing our legal transaction including:
• Keeping financial records of your transactions and the transactions we make on your behalf
• Seeking advice from third parties; such as legal and non-legal experts
• responding to any complaint or allegation of negligence against us
Who has access to it
We have a data protection regime in place to oversee the effective and secure processing of your personal date. We will not sell or rent information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within Roy Foreman & Co solicitors. However, there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example (but not exhaustive):
• Court or tribunal
• Prisons or detention centres
• Asking an independent Barrister or Counsel for advice; or to represent you
• Non-legal experts to obtain advice or assistance
• Translation Agencies
• Contracted Suppliers
• External auditors or our Regulator; e.g. SRA, ICO etc.
• Bank or Building society; or other financial institutions
• Accountants or Billing Providers
• Insurance Companies
• Providers of identity verification
• Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
• If there is an emergency and we think you or others are at risk
In the event of your information is shares with the third parties, we ensure that they comply, strictly and confidentiality, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case, we will contact you separately to ask for your consent which you are free to withdraw at any time.
How do we protect your personal data
We recognise that your information is valuable, and we take all reasonable measures to protect it whilst it is in our care.
We have exceptional standards of technology and operations security in order to protect personally identifiable data from loss, misuse, alteration or destructions. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
We us computer safeguards such as firewalls and data encryption; and we ensure, where possible, physical access control to our buildings and files to keep data safe.
How long will we keep it for
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law, or as long as is set out in any relevant contract you may hold with us.
• As long as necessary to carry out your legal work
• For the minimum 6 years form the conclusion or closure of your legal work; in case you, or we need to reopen your case for the purpose of defending complaints or claims against us.
What are your Rights?
Under GDPR, you are entitled to access personal data (otherwise known as a ‘right to access’). If you wish to make a request, please do so in writing address to our Data Protection Officer Gary Bulbeck; or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. – but it does not mean you are entitled to the document containing the data.
Under certain circumstances, in addition to the entitlement to ‘access your data’, you have the following rights:
1. The right to be informed: which is fulfilled by way of the privacy notice and our transparent explanation as to how we use your personal data
2. The right to rectification: you are entitled to have your personal data rectified if it is inaccurate or incomplete
3. The right to erasure/’right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following circumstances:
• Were the personal data is no longer necessary in regard to the purpose for which is was originally collected
• Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
• Where you object to the processing and there is no overriding legitimate interest for continuing the processing
• The personal data was unlawfully processed
• Where you object to the processing for direct marketing purposes
4. The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right only applies in the following circumstances:
• An objection to stop processing personal data for direct marketing purposes is absolute – there are no exceptions or grounds to refuse – we must stop processing in this context.
• You must have an objection on grounds relating to your situation
• We must stop processing your personal data unless: we can demonstrate compelling legitimate grounds for the processing which override your interest, rights and freedom; or the processing is for the establishment, exercise or defence of legal claims.
5. The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted we, can store the data but not use it. This right only applies in the following circumstances:
• Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of the data
• Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interest), and we are considering whether our organisation’s legitimate grounds override right
• Where processing is unlawful and your request restriction
• If we no longer need the personal data but you require the data to establish, exercise or defend legal claim.
Complaints about the use of personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact our data Protection Officer who will investigate further. Our Data Protection Officer is Gary Bulbeck and you can contact them at email@example.com.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information commissioner’s Office (ICO).
We may contact you for the purpose of direct marketing. This means that we may use your personal data that we have collected in accordance with this privacy police to contact you about our products or services, events etc. which we feel may interest you. The direct marketing communications may be provided to you by social media channels, email or post. We will never send marketing communications via SMS or ally you without your specific consent; nor do we ever pass on or sell your details to third party.
How we collect personal data
The following are examples, although no exhaustive, of how we collect your personal information:
• Submitting an online enquiry
• Agree to fill in a questionnaire
• Ask us a question or submit any queries or concerns you have via email
How we use your details
The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interest:
• Fraud prevention
• Network and information systems security
• Data/analytics/enhancing, modifying or improving our services
• Identifying usage trends
• Determining the effectiveness of promotional campaigns and advertising
You have the right to object to this processing. Should you wish to do so please email firstname.lastname@example.org
Any questions regarding this notice and our privacy practices should be sent by email to email@example.com.
Website Privacy Notice
If you provide us with any personal data while using this website we may use it to provide you with any information or services you have requested.
We may also use it for any other purpose for which you give your consent. For example, we may send you additional information about the firm or its services, if you have provided such consent. Your consent will be obtained via the engagement letter, which will be sent to you at the outset of your matter.