DATA PROTECTION AND PRIVACY POLICY
When you deal with TP Law you trust us with your information and are committed to protecting the data you provide to us. This section explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
What we need
Under the General Data Protection Regulation (GDPR) you provide us with both Personal data and Sensitive personal data. The difference between these types of data is explained below and you must ensure that you understand these definitions.
Personal data: is general information that you supply about yourself – such as name, address, date of birth, gender and contact details.
Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, health and any criminal convictions.
In the majority of cases ‘personal data’ is restricted to information we may need to complete basic ID checks and any relevant applications on your behalf. However, some of the work we do for you may require us to ask you for sensitive personal data to assist us with your case.
You may volunteer the information about yourself, including making an online enquiry. Information may also be passed to us by third parties so that we can undertake your legal work on your behalf. For example information from; Local Authorities, Police forces, Crown Prosecution Service, Her Majesty’s Court Service, Organisations that have referred work to us, Banking / Financial Institutions, Medical Institutions.
Why we need it?
The main reason for asking you to provide us with your personal data is to allow us to carry out your requests. This will be to represent you and carry out your legal work, that is, to perform a contract which we have agreed.
The following are some examples of what we may use your information for: verifying your identify, communicating with you, to establish funding for your matter, processing your legal transaction – to provide you with advice, conducting litigation on your behalf, attending court hearings and/or instructing Counsel on your behalf, and preparing legal and other documents, seeking advice and/or obtaining reports from third parties such as legal and non-legal experts, responding to any complaint or allegation of negligence against us.
We may also need your information to enable us to comply with our legal obligations such as statutory returns, legal and regulatory compliance.
Who has access to it?
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not share or sell your information to any third parties.
Your personal information will be used within TP Law. However, as we have explained above, there may be circumstances when carrying out your legal work where we may need to disclose some information about you to third parties, for example a court or tribunal, solicitors acting on the other side, a barrister – for advice or to represent you, non-legal experts to obtain advice or reports, translation agencies, contracted suppliers, or external auditors.
In the event any of your information is shared with the above third parties, we ensure that they comply, strictly and confidentially, with our instructions and that they do not use your personal information for their own purposes. When we use third party providers, we only disclose to them any personal data that is necessary for them to provide their services. They will have their own procedures to keep your data secure and not to use it other than in compliance with the data protection legislation.
There may be some uses of your personal data that may require your specific consent. If this is the case, we will contact you to ask for your consent which you will be free to withdraw at any time.
How do we protect your personal data?
We recognise that your personal information is valuable and we take all reasonable measures to protect it whilst it is in our care.
We have exceptional standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. We also adopt a high threshold when it comes to confidentiality obligations to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
How long will we keep it for?
Your personal information will be retained in computer and/or manual files, only for as long as is necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us.
We will retain client data for a minimum of 6 years.
We will consider whether we need to retain your personal data after the period described above in case of a legal or regulatory requirement.
What are your rights?
Under the GDPR, you are entitled to request a copy of your personal data (otherwise known as a Subject Access Request). If you wish to make a request, please do so in writing to our Data Protection Lead , or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. It will not result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain the data.
Once a request is made by you, we will provide you with a copy of the information free of charge within one month of your request having been made. We can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. The fee charged by us will be based on the administrative cost of providing the information. Prior to providing you with the information we will verify your identity using ‘reasonable means’.
GDPR gives you the right to have your personal data rectified if it is inaccurate or incomplete. You must inform us of the rectification as soon as possible and we will amend it and delete the incorrect data from our records.
You also have the right through GDPR to Data Portability if you change solicitors, this means through our software we are able to create a CSV file with your details on to be able to take this information to your new solicitor to upload into their system. This would depend on whether your new solicitor’s software provider has this function.
It is your right to restrict the processing of your data, this can be set on your contact details to restrict what you want your data being used for. To do this contact the office to discuss these options and set up your preferences.
Complaints about the use of personal data
If you wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. To do this please contact the office on 020 8262 7843 and ask for the Data Protection Officer.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).