Privacy and Data Protection
Sharp & Rimmer Solicitors is committed to protecting and respecting your personal information and privacy. This privacy and data protection policy relates to our use of any personal information we collect from you in connection with any of our services. We will comply with laws governing the protection of personal information, including the Data Protection Act 1998 (DPA) and The General Date Protection Regulation (GDPR).
This notice explains why and how we process your data, and explains the rights you have around your data, including the right to access it and to object to the way it is processed.
- How to contact us
You can contact Edward Rimmer at Sharp & Rimmer, Hillhead, St. Mawes, Cornwall TR2 5AL
Telephone: 01326 270291
- Personal data
This is any information that relates to a living, identifiable person. This data can include your name, contact details, and other information we gather as part of our solicitor/client relationship.
It can also include ‘special categories’ of data, which is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. We are committed to protecting your personal data, whether it is ‘special categories’ or not, and we only process data if we need to for a specific purpose, as explained below.
We collect your personal data mostly through our contact with you, and the data is usually provided by you, but in some instances, we may receive data about you from other people/organisations. We will explain when this might happen in this Notice.
- Your rights
Under the GDPR your rights are:
- The right to be informed about how your data is handled;
- The right of access to your personal data;
- The right to request correction of errors or inaccuracies in your personal data;
- The right to erasure in certain circumstances, also known as the right to be forgotten;
- The right to restrict processing of your data;
- The right to request the transfer of data;
- The right to object;
- Rights around how you are affected by any profiling or automated decisions.
- What data will be processed to provide our services to you?
We will process the following data to fulfil our responsibilities in our relationship with you and this will be the legal basis for delivering the services we have contracted to provide for you (and/or you have consented to our processing your personal data):
- Your contact details so that we can share information with you.
- Information that you provide to us to confirm your identity when you first instruct us so that we can meet anti-money laundering requirements.
- Information contained in emails or other correspondence from you and records of telephone calls or meetings with you so that we can:
- a) Understand your objectives
- b) Provide you with advice
- c) Carry out your instructions.
- Details of transactions you carry out through us and of the fulfilment of our services to you so that we can:
- a) Monitor progress
- b) Deliver our services
- c) Complete financial transactions
- d) Issue bills and arrange payment with you.
- Information about you that we retain on your behalf.
- Will we share your information with anyone else?
We will keep your information within the practice except where disclosure is required or permitted by law or when we use other third party service providers (data processors) to supply and support our services to you.
- How will we keep your details?
Your personal data is stored in both hard copy and electronic formats.
- How long will we keep your details?
Our data retention policy is dictated by the DPA/GDPR and the requirements of our legal profession regulator, the Solicitors Regulation Authority (SRA), a copy of which can be requested.
- How will we disclose what details we hold?
We strive to be as open as we can be in giving people access to their personal information. Individuals can find out if we hold any personal information by making a “subject access request” under the DPA and the “Right of access” under the GDPR. If we do hold information about you we will respond in writing within one calendar month of your confirmed request.
The information we supply will:
- Confirm that your data is being processed
- Verify the lawfulness and the purposes of the processing
- Confirm the categories of personal data being processed
- Confirm the type of recipient to whom the personal data have been or will be disclosed and
- Let you have a copy of the information in an intelligible form
To make a request for any personal information please write to us at the address provided in this policy. Please note that you may need to provide identification in order to prove who you are to access your data.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do not hold information about you we will also confirm this in writing at the earliest opportunity.
We keep our privacy notice under regular review and changes may be made to it from time to time. The current version of our privacy notice will be posted on our website so that you are aware of its contents.
You have the right to complain about the processing of your personal information. Please contact us using the details provided above. If you are still dissatisfied you have the right to complain to the Information Commissioners Office. www.ico.org.uk (http://www.ico.org.uk)