Privacy Notice - GDPR compliant
Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
Who we are?
MTA Solicitors LLP, known as ‘The Firm(s) collects, uses and is responsible for personal information about you. When we do this we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.
Our Data Protection Officer is Michael Taylor.
What do we do with your information?
Information collected by us
When carrying out legal activities relating to individual clients we collect the following personal and sensitive information that you provide to us, this is including but not limited to:
- Name, Date of Birth and contact details (including your address, email and phone numbers);
- Information relating to your case and any goods or services relevant to your case;
- Identification documents such as driving license, passport, photo ID, utility statements and bank statements;
- Financial information about you such as your employment status, position and remuneration packages and bank details, especially in the case of engagements involving a transfer of assets, employment-related matters and investment-related matters;
- Information about your family or next of kin that you give to us in relation to your matter or to our engagement with you at the firm(s);
- Personal information held in Wills, Deeds and Trust arrangements;
You may also give us information that is classified under special categories of data as detailed in GDPR, this is including but not limited to:
- Medical Records relating to your claim;
- Personal details about children if applicable for your case.
Information collected from other sources
We may also collect the same information documented above from other sources such as, this is including but not limited to:
- Witnesses and information contained in witness statements and other court documents;
- Other professional advisors you have a relationship with;
- The Court of Protection and Office of the Public Guardian;
- Your family, friends, colleagues and other members of the public;
- Suppliers of goods and services;
- Government bodies, including the courts;
- Information you make public on professional networking sites;
- Public records and official documents.
How we use your personal information
We use your personal information for the following purposes:
- To provide you with legal services
- To comply with our legal obligations to the SRA and other relevant regulators;
- To manage any queries or complaints you have about the services you receive;
- To engage with service and goods providers;
- To train and develop our colleagues;
- To monitor the quality of service we deliver to you, and ensure it meets your expectations;
- To comply with legal obligations to act in the public interest and uphold the rule of law;
- To introduce you to other professional service providers that can meet your needs;
- To protect our colleagues, visitors and offices, and to detect and report crime at our offices.
Whether information has to be provided by you, and why?
This personal information Name, Address, Date of Birth, Contact Details, Information relating to your case must be provided by you to us, to enable us to provide you with a service and act in accordance with our contract. When we collect information from you, we will inform you whether you are required to provide this information to us.
Legal reasons we collect and use your personal information
We rely on consent through contract as the legal basis for processing your information. We are also a professional regulated firm and are bound by regulations specific to a solicitors practice and by general regulations applicable to all UK businesses. Parts of these regulations require us to process your data.
Who will we share your personal information with?
We have relationships with a number of third parties that we routinely share personal data relating to your case within the scope of the contract. These Third Parties we use are available on request. This data sharing enables us to:
- perform the services you have instructed us on by sharing data with expert consultants, counsel and advisors as required to undertake your case;
- manage the day-to-day operations of the firm and gain advice from legal, financial and other professional advisers;
- operate the infrastructure of the firm by engaging with software and service providers used to undertake your matter including: case management providers; time recording providers; document storage providers; file sharing providers and conferencing providers;
- engage with storage and archiving providers to ensure your information is protected securely and backed up.
Any partners, suppliers or third parties we share data with will be bound by strict agreements that meet the requirements of GDPR and will be reviewed for their compliance on an annual basis.
We will share personal information with law enforcement agencies if required by applicable law.
We will not share your personal information with any other third parties without your consent.
How long will we store your personal data?
We will only keep your information for as long as necessary to complete the purposes we have described above. We use the following retention periods and review these periodically to make sure we are only keeping what we need:
- Matter information – we will keep information about you and any information relating to your matter for a period of time ranging between 6 – 16 years (depending on the type of instruction and case matter involved) after the matter has ended or one year after any relevant limitation period, whichever is longer. The relevant period will be clearly stated to you within our client care letter and information pack at the time of engaging us. If you would like more information please contact us.
- Identification and Due Diligence – we will keep information that we need to complete anti-money laundering and due diligence checks for a minimum period of 5 years from the end of the last matter we worked on for you; this is in order to comply with our anti-money laundering obligations. If you continue to work with us, we will update this information at least every 3 years;
- Financial Transactions – we will keep information about you and any financial transactions, including fees paid and payments for services, for a period of 6 years, in order to comply with HMRC requirements to keep accurate records that can be audited;
Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information;
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine-readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR.
If you want to exercise any of these rights, please:
- Email us at email@example.com
- Write to us (for the attention of Michael Taylor, our Data Protection Officer)
- Provide other information so that we can identify you, for example Name, Contact Details, Case reference number, as we may need to contact you to request further information to verify your identity;
- Let us have proof of your identity and address;
- State the right or rights that you wish to exercise;
We will respond to you within one month from when we receive your request.
How to make a complaint?
We hope that you are happy with our service and that we/our Data Protection Officer can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below).
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority if the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
Automated Decision Making
We do not use automated decision making.
The firm (s) have invested in processes, systems and controls to safeguard your data. We keep your information secure through:
- training all our staff on the importance of information security and the processes we have in place;
- annual reviews to help us to understand and manage emerging threats to information;
- policies and procedures that are enforced across all firms;
- security functions in systems, to include password protection, virus protection, router firewall protection, access restriction;
- audits and checks on the performance of controls;
- risk management processes that identify and mitigate risks and threats to your information;
- encrypted backups taken periodically to make sure data is always available;
- password policies for any systems that hold data;
- administrative control and oversight of any systems or networks that hold data.
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes, we will inform you by emailing you if we hold these details on file or writing to your home address.
Changes to this privacy notice
This privacy was published on 01/08/2018 and last updated on 12/09/2018.
We constantly review our internal privacy practices and may change this policy from time to time. When we do we will inform you by emailing you if we hold these details on file or writing to your home address.
Get in touch
If you have any questions about this privacy notice or the information we hold about you, please contact us by emailing us at firstname.lastname@example.org.
If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille) please contact us (see ‘Get in touch’ above).