1) We do not collect data (i.e. information on the basis of which a person can be identified)
2) The bases on which we collect personal data about you have been assessed according to why we need to collect it and how we will use it for your benefit as our client or other contact of the firm (such as the beneficiary of an estate). These bases are shown in the table below, which also shows what rights you have in relation to the data we hold.
3) In relation to all data we hold, Angela Davies is the Data Protection Officer and data controller. Our fee earners and support staff are the processors.
4) Our intended purpose in processing data is to carry out our clients’ instructions, to comply with our duty to the court, and to meet our legal and professional obligations.
5) We never pass your data on to anyone who might use it to try to sell to you.
6) We do not collect or process special category data or criminal offence data, except that we may hold personal information relating to a person under the age of 18 who is or may be entitled under the terms of a trust.
7) You have the right to check that the data we hold is accurate, and to correct it if necessary.
8) Our records (electronic and paper files) are kept securely for 6 years and then destroyed. Files for will instructions are kept for 6 years after the death of the testator where the
date of death is known (i.e. to the end of the time a claim can be made against the estate).
9) We do not undertake profiling or automated decision making.
10) We do not send data outside the EU except as part of work on a client file with international elements.
11) If we consider that the likelihood and severity of impact of disclosure of personal data is high, we will carry out a data privacy impact assessment.
12) There are certain exemptions, ie circumstances in which the Data Protection regulations do not apply. These include use for personal rather than business purposes, and use while acting as a judge (Angela Davies is a Tribunal Judge). We consider whether we can rely on an exemption on a case-by-case basis. Where appropriate, we carefully consider the extent to which the relevant GDPR requirements would be likely to prevent, seriously impair, or prejudice the achievement of our processing purposes. We justify and document our reasons for relying on an exemption. When an exemption does not apply (or no longer applies) to our processing of personal data, we comply with the GDPR’s requirements as normal.
13) As well as other recourse, you have the right to lodge a complaint if you consider that the processing of your personal data infringes Regulations. The method for complaining is explained here: https://ico.org.uk/concerns.