MPR Solicitors LLP (‘ the Firm’) is fully committed to compliance with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation 2018. MPR Solicitors LLP will therefore follow procedures that aim to ensure that all members, partners, managers, associates, employees, agents and consultants who have access to any personal data held by or on behalf of the Firm, are fully aware of and abide by their duties and responsibilities under the relevant legislation.
In order to operate efficiently, MPR Solicitors LLP has to collect and use information about people with whom it works and deals with. These may include members of the public, current, past and prospective employees, clients and customers, suppliers and others with whom MPR Solicitors communicates and conducts business. In addition, it may be required by law to collect and use information in order to comply with the requirements of central government. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this.
MPR Solicitors LLP regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the Firm and those with whom it carries out business. The Firm will ensure that it treats personal information lawfully and correctly.
DATA PROTECTION NOTICE
For the purposes of the GDPR, we will be the controller of any personal data that we collect from or about you in connection with the provision of our professional services, or related activities such as promoting the Group’s business and market research or, where relevant, dealing with job applications.
How we use your data
MPR Solicitors LLP is registered as a Data Controller with the Information Commissioners Office. We will use the information that you give us to provide you with legal services, as per your instructions. We will keep your information confidential and will only use it for the purpose(s) for which it was provided or as is permitted in law (i.e. for dealing with complaints or regulatory investigations).
What personal data do we collect from or about you?
If you make an enquiry
If you contact us with an enquiry about our professional services (either through one of the Group’s websites or by phone, email or post), we will ask you to supply essential contact details (your name, e-mail address, phone number and,), which we need in order to identify you and deal with your enquiry.
Depending on the nature of your enquiry, we may collect from you further details, such as the circumstances in which you are making the enquiry, the professional services that may be of interest to you or, where you are interested in a possible position with us, your CV and related information.
If you are or become a client
If you are or become a client (or the company or other person you represent is or becomes a client), and in the course of providing our professional services, we may collect further personal data from you, depending on the nature of the services we are providing. In certain cases, the information that we collect from you may be of a sensitive nature (for instance, health related information) or may include criminal records, but we will only ask you to provide the information that is necessary and appropriate.
We may also need to ask you to provide further personal data, and may need to carry out background checks about you with credit reference agencies and fraud prevention agencies, for credit control purposes and in order to satisfy our obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and any other applicable legislation concerning money laundering, tax evasion, crime prevention and fraud protection. If you do not provide us with the information we need, we will not be able to provide our professional services for you or the company or other person you represent.
When you make a personal payment for our services, details of the method of payment, your bank details or your credit or debit card number will be processed.
If you are a professional or business contact
If you provide us (or one of our employees or other personnel) with your professional or business contact details or other relevant personal data, we will use this in order to keep in touch with you and exchange information that we believe is, or may become, relevant to our and your business or profession.
If you enquire about a job
If you submit a job application or enquire about a potential position, or another person does so on your behalf, we will ask you (or them) to provide relevant personal information about you. Further details of the personal data that we collect, and of the basis on which we will process your personal data, will be provided by our HR Department at the time.
Why and on what basis do we process your personal data?
When you make an enquiry, we will process the personal data that you give us, or we collect from you or about you, so that we can supply you with the information that you have requested about our professional services, on the basis that it is necessary for our legitimate interests in promoting our professional services or in order to provide a quotation for our services.
If you are or become a client (or the company or other person you represent is or becomes a client), we will process the personal data that you give us, or we collect from you or about you, in order to perform the contract that we have with you (or the company or other person you represent).
Where we need to process special categories of data (sensitive data’) or criminal records relating to you, we will only do so with your explicit consent or where this is necessary for the establishment, exercise or defence of legal claims.
We will also process your personal data for internal record keeping, billing and accounting, and to respond to any queries, complaints or requests for further information, and for the purposes of archiving. The basis on which we do so is that it is necessary for our performance of the contract we have with you (or the company or other person you represent), or is necessary for our legitimate interests in managing our business and improving our professional services, and to comply with our regulatory obligations.
In appropriate circumstances we will use the personal data that you provide or that we collect about you on the basis that we are required to do so in order to comply with our regulatory obligations, including those under applicable legislation such as that concerning money laundering, tax evasion, crime prevention and fraud protection.
Who do we share your personal data with?
We may need to share some or all of your information with quality assurance auditors for the purposes of their assessment of whether we are adhering to quality standards. Any examination will be strictly controlled and will be shared for the sole purpose of ensuring that our handling of your matter meets the requirements of the quality standard. Please let us know if you are unhappy for us to share that information. [If you are a client under the legal aid scheme then we may be required to share some or all of that information with the Legal Aid Agency and / or with our quality assurance auditors.]
We may have to share some or all of your information with other third parties. This may include barristers; experts; and others who we need to instruct to assist us with your matter, the Legal Ombudsman (if you complain about our services) and the Solicitors Regulation Authority (the statutory body that regulates solicitors). In doing so we will always take care to ensure that your information remains confidential and safe. We will liaise with you during your case about which experts, barristers and other third parties we instruct on your behalf.
Data processing services
Some of our data processing services are supplied by third party providers, who will need to have access to your data for that purpose. Such third party suppliers will be appointed on the basis that they provide sufficient guarantees to implement appropriate technical and organisational measures so that the processing will meet the requirements of the applicable Data Protection legislation and ensure the protection of the rights of the data subjects, and will carry out processing only on our written instructions, or where we have a legitimate interest in doing so, as indicated above.
Compliance with legal obligations
We may disclose your personal data if we are required to do so in order to comply with any legal or regulatory obligation or request, or where we have a legitimate interest in doing so, such as in order to enforce or apply our contract with you, to investigate potential breaches, or to protect our property and rights or those of others. This may include exchanging information with other companies and agencies for the purposes of credit risk reduction and to comply with legislation concerning money laundering, tax evasion, crime prevention and fraud protection.
How long do we keep personal data for?
If you contact us with an enquiry about our professional services but you do not subsequently become a client (or the company or other person you represent does not do so), it is our policy to delete your personal data after twelve months.
We will only hold your information for as necessary to provide you with legal services and then for only so long as we are required either contractually or under our regulatory obligations. This will not be more than six years after the end of your case / matter. After this time, we will confidentially destroy all information that we hold about you [(please see our terms and conditions which set out our procedures relating to storage and retrieval)]other than your name, address and date of birth which we will be obliged to continue to hold for the purposes of ensuring that we never act for another client where doing so would conflict with our obligations of confidentiality to you.In some cases it may be necessary for us to retain records indefinitely.
Our full data retention policy is available on request.
In certain cases, it may not be physically possible to delete certain data (for instance, where it is stored on a secure external server), in which case we will take appropriate steps to ensure that it is not available for re-use or disclosure to third parties.
Your rights as a data subject
As a data subject, you have certain legal rights (subject to certain exceptions under the Data Protection legislation) including the right:
- to access the personal data held about you and request a copy of it;
- to ask us not to process your personal data for marketing purposes;
- to withdraw at any time any consent you have given to receive marketing material from us, or in any other case where we process your personal data on the basis of a consent that you have given (and not on some other legal basis);
- to ask us to rectify inaccurate personal data about you;
- to ask for the restriction of personal data about you that is inaccurate, unlawfully processed, or no longer required;
- to ask for the transfer of your personal data in a structured, commonly used and machine readable format where appropriate;
- to ask for the erasure of personal data about you where processing is no longer necessary, or the legitimate interests we have in processing your personal data are overridden by your interests, rights and freedoms as the data subject; and
- to make a complaint to the Information Commissioner’s Office which can be contacted by post via: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by telephone via 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Further information about your rights under the data protection legislation can be found at www.ico.org.uk
Changes to this Data Protection Notice
We may change this Data Protection Notice from time to time. In the case of any substantial change, we will notify you (where practicable) in writing or by email.
How to Contact Us
- by post to: The Data Protection Manager, MPR Solicitors LLP, 8 Red Lion Court, Alexandra Road, Hounslow, Middlesex, TW3 1JS
- or by email to: firstname.lastname@example.org