1. Overview of the policy:
1.1 We, Falcon Solicitors act on your behalf as your legal representatives and advisers. As a firm of Solicitors, we are bound not only by the Solicitors Regulation Authority and Professional Conduct Rules 2011 to protect and keep client data totally confidential but also by the Data Protection Act 1998 and we have always taken the security and privacy of your data seriously.
1.2 The EU General Data Protection Regulations 2018 is new legislation which gives you more rights than ever before. We ensure that we comply with our legal obligations, hence the introduction of this new policy document.
1.3 As part of the service you provide to us as your legal advisers, entrust the firm with highly confidential personal information which touches every part of your life and is strictly private. This information is known as Data and you are the Data Subject. We handle you and control the data, so we are called the Data Controllers. We have a Data Controller specifically assigned to monitor our data processing whose job it is to make sure they know exactly how your data is being looked after, how it is being processed and it is also their job to provide a copy of that data whenever you have cause to ask for it.
1.4 We intend to comply with our legal obligations under the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security and have a duty to notify you of the information contained in this policy.
1.5 This policy applies to all our clients and service users. When you want to use our services, at the outset, that you sign a letter of authority requesting the firm to act on your behalf. You also sign a retainer/Client Care letter. Now when you sign these document(s), you will also receive a Privacy Notice notifying you of the additional rights and our continuing obligations under the GDPR.
1.6 This policy contains all you need to know about how we will use your date, how we will store it and keep it safe, particularly how long we will keep it for, who this data is shared with, when we can erase it. It explains your rights as a data subject. it also explains what you can do to access your data, give or withdraw your consent to Falcon Solicitors if you do not want us to hold your data any longer. It explains who to contact in the event of a complaint; i,e; the Information Commissioners Office. Falcon Solicitors will hold data in accordance with our Data Retention Policy which is stipulated below.
2. Data Protection Principles
2.1 Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:
• be processed fairly, lawfully and transparently;
• be collected and processed only for specified, explicit and legitimate purposes;
• be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
• be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
• not be kept for longer than is necessary for the purposes for which it is processed; and
• be processed securely. We are accountable for these principles and must be able to show that we are compliant.
3. How we define personal data
3.1 ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data. This policy applies to all personal data whether it is stored electronically, on paper or on other materials. This personal data might be provided to us by you, or someone else as a referee, or your doctor, or your bank or by government institutions to assist us to make representations on your behalf.
4. Types of personal data: Examples of your personal data are: • your contact details and date of birth; • Your passport details • National Insurance number and work history • Your parents biographical details • Your CV, references, qualifications and membership of any professional bodies and details; • the contact details for your emergency contacts;• your gender; • your marital status and family details; • information about your life, history, work history, biography; • your bank details and information in relation to your tax status • Your pension details and public funds /DWP benefits • your identification documents including passport and driving licence and information in relation to your immigration status right to remain in the UK • electronic information in relation to your email addresses • Your telephone records • your images (whether captured on CCTV, by photograph or video); Text messages and details of Skype/Video calls (if provided by you or your family) • any other category of personal data which we may notify you of from time to time.
5. Special categories of personal data are types of personal data which from time to time are used to ensure equal opportunity regulations are being adhered to and in some cases to assist with Asylum applications. This information consists of : • your racial or ethnic origin; • your sexual orientation; • your health; • your political opinions; • your religious or philosophical beliefs; • your genetic or biometric data; • any criminal convictions and offences. We may hold and use any of these special categories of your personal data in accordance with the law.
6. How we define processing
6.1 ‘Processing’ means any operation which is performed on personal data such as: • Receiving and giving information; • collection, recording, filing, organising, structuring, identifying, comparing, analysing, compiling, indexing, selecting for relevance, collating, scanning, submitting and storage; • Intellectual input to refine data; translation to English where required and further adaption; • Advising and drafting representations. • retrieval, consultation or use; • disclosure by transmission or otherwise making available by copying and sharing the information with relevant third parties directly associated with the case or other duly authorised persons • and restriction, destruction or erasure. This includes processing personal data which forms part of a filing system.
7. How will we process your personal data? Falcon Solicitors will process your personal data (including special categories of personal data) in accordance with our obligations under the 2018 Act.
8. We will use your personal data: • First and foremost, to carry out your instructions and to work in your best interest. • We record the data in physical files and store them in the Filing cabinets (compliant with the SRA). • We also store the information in the electronic files shared on a local network accessible to other computers within the premises. • A copy of that data is also uploaded in the Cloud for storage and recovery purposes. • This information will be accessible to legal personnel at Falcon Solicitors who have given their separate undertaking to meet their obligations under the GDPR. • The information will be shared via secured email or post with Barristers and relevant government departments / institutions on need to know basis. In all data processing, we seek assurance that your data will be safe with that third party. • Once the information is received from third party, that information is relayed to you or your designated person. • We will use your personal data strictly and only for the purpose for which we are instructed to bring about a resolution of your claim which may be resolved in courts or Tribunals in the UK. • We will not use your personal data for any unrelated purpose whatsoever without telling you about it and the legal basis that we intend to rely on for processing it. • If you choose not to provide us with certain personal data you should be aware that we may not be able to carry out the work you have asked us to do.
9. We will NOT use your personal data: • For profiling; Marketing; selling it; sharing with data houses.
10. When we process your data: We have to process your personal data in various situations during your relationship with us; for example receiving your bank details when you pay us for our work; • Reading, understanding, collating, indexing, paginating the biometric and financial data you provide us to complete your various applications to UK government bodies and courts and tribunals; • to check your passport details and work permissions so we can advise you correctly in connection with your instructions; • Discussing your personal and biometric data with you to enable us to carry out your instructions and obtain the best result for your legal matter. • Handling your file and filing it away securely to assist easy retrieval • Summarising your case and producing a chronology to exchange with Barristers and advocates who will also be privy to your data. • and for any other reason which we may notify you of from time to time.
11. Consent to process data: We will only process data and special categories of your personal data if we have your explicit consent which is why we will ask you for your consent at the outset when you provide us with instructions and commit to using our services. You can withdraw consent later if you choose by contacting Data Controller when your matter is complete. We will always let you know when we have finished with your data and we will ask you for your instructions as to storage, destruction, erasure, or return of your data.
12. Your Rights as a Data Subject (to exercise any of these rights below, simply write to the Data Controller at the addresses given or email at email@example.com) a) Right to Withdraw your Consent – you can withdraw your consent at any time – you would normally withdraw your consent at the termination of your matter. However, you could withdraw upon changing legal representatives. b) Right to Receive a Copy of your Data You have the right to access your own personal data by way of a subject access request (see above). You can correct any inaccuracies in your personal data. To do so you should contact Data controller or Deputy. c) Rectification of Data / correction; if you want to provide us with an updated information, you are welcome to write to us or contact us by telephone. d) right to Restrict Processing: You may wish to provide information and then inform us not to use it or share it with the other persons stated above. e) Right to transfer Data; You have a right to have your data transferred, for instance to another solicitor. f) you have a right to object to any data processing that you think is unacceptable to you. g) Right to Erasure (usually known as the right to be forgotten) You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should contact Nabeela Arshad in writing. We will respond to you within a month. (The right is not absolute and does not apply if we must keep the data to comply with legal obligations or for exercising or defending our legal claim. Moreover, Solicitors Regulation Authority require solicitors to hold files for 6 years and then destroy the file). h) Right to complain to the ICO; i) Right to be informed about Data Breach You have a right to be notified if a data breach has occurred. An example data breach is where a key ring with a USB drive has been lost and the USB holds valuable client data which may have fallen into other hands. In the unlikely event that something like this happens with your data, we will notify you as soon as possible. We are also required to inform the Information Commissioner’s office that this has occurred. f) How to Complain to the ICO If you feel that there has been a data breach. You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
13. Destruction of Data: The files will be retained for 6 years from the matter coming to an end and then destroyed. To ensure the safe destruction of the data we use only the most reputable mobile data destructions company who issue certificate of destruction. Data is destroyed at our premises.