Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you whowe share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
Who we are?
Antony Clapp Solicitors is a trading name of ACS Legal Limited, which is a private company limited by shares registered at Companies House under company number 08810376.
Our registered offices are Holly Bank Chambers, Oasts Business Village, Red Hill, Wateringbury, Kent ME18 5NN.Phone: 01622 815940 email:email@example.com.
ACS Legal Ltd collects, uses and is responsible for personal information about you. When we do this we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.
What do we do with your information?
Whose data do we hold?
We may hold data about the following people:
Suppliers and service providers
Petitioners and Respondents
Advisers, consultants and other professional experts
Information collected by us
When carrying out legal services in relation to a client matter we collect personal information that you provideto us. This may be:
Identity and contact information
Lifestyle and/or social circumstances
Business contact and activities
We may also collect ‘special category’ information such as:
Physical and mental health
Racial or ethnic origin
Religion or philosophical belief
Sex life or sexual orientation
When carrying out recruitment activities we collect full name, email and postal address, phone number and other relevant information provided by youon your CV, application form or letter.
Information collected from other sources
As a matter of routine in relation to managing a client matter, we will also receive personal information regarding a spouse/partner via the Solicitor and/or Practice representing them.
As part of Anti-Money Laundering legislation requirements we will undertake a web-based AML check on all new clients. This information is sourced from suppliers such as BT, Royal Mail, HM Treasury, OFAC, Creditsafe, Equifax, Experian, Lawyer Checker and LexisNexis.
We may process information contained in any enquiry you send us via our website or any company email address. Enquiry data may include your name and email address, plus any details you provide to us to support your enquiry.
We collect information about your use of our website through cookies. Cookies are information that files storedon your computer, tablet or smartphone access to help websites remember who you are, as well as information about your visit. This helps us understand how you engage with our site and is processed through Google Analytics. The site usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths.
We also use third party cookies to allow you to share content directly on the social networking/sharing sites like Facebook, Twitter or Google+. Examples would be if you wanted to “like” or “tweet” about an article we have written on our blog.
We may also use internet based people finder websites to trace people and their addresses, for example, for the reimbursement of client money or non-payment of bills.
How we use personal information
We use personal information for the following purposes:
The provision of legal services including advising and acting on behalf of clients.
To maintain our accounts and records.
The promotion of our goods and services.
To support and manage our employees.
Information that has to be provided by you and why
Before we can legitimately act on your behalf, you must provide your fullname and proof of addressto us. This can be a combination of your current passport, a photographic driving licence or a utility bill issued within the last three months. This personal information must be provided to enable us to comply with the requirements of the Anti-money Laundering & Counter Financing of Terrorism Act.
When we collect information from you, we will inform you whether you are required to provide this information to us.
Legal reasons we collect and use your personal information
The legal basis for theprocessing of your information is the performance of a contract between you and us and/or preparing, at your request, to enter into such a contract. It is also in our legitimate interests, namely:
the legal compliance, management &administration of our business
the recruitment, selection and employment of our staff
the analysis and improvement of our website and services.
We keep information passed to us confidential and will not disclose it to third parties except as authorisedby youexpressly or implicitly, stated within our terms of business or required by law.
Who will we share your personal information with?
If, on your instruction, we are working with other professional service providers we may need to disclose any relevant information about your matter to them. If we do need to do this we will request your permission before doing so. The information shared could include any of the datalisted in the “Information collected by us” section on page one of this policy.
The types of third parties are:
Healthcare professionals, social, welfare or dispute resolution organisations
Courts and tribunals
Ombudsman and regulatory authorities
Credit reference agencies
We will share personal information with law enforcement agencies if required by law. We may also disclose your information to debt collection agencies if you do not pay our bills.
Transfer of your information outside the European Economic Area (EEA)
All electronic and manual data controlled by ACS Legal Ltd is stored securely within the UK. However, in some circumstances it may be necessary to transfer your personal information outside the EEA or to an international organisation for the performance of your contract with us or for the exercise or defence of legal claims on your behalf. For example, dealing with or inrespect of a property you own outside of the EEA. If this occurs we will always seek your permission to do sobefore proceeding as these countries do not have the same data protection laws as the United Kingdom and EEA.
However, we aim to providea similar degree of protectionof your personal databy employingat least one of the following safeguards:
Only transferringpersonal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe; and
In relation to providers based in the US, transferringdata to them if they subscribe to the ‘Privacy Shield’,which requires them to provide similar protection to personal data shared between the Europe and the US.
If we are unable to comply with these safeguarding measures and no other legal framework can be used,then we may also refer to one or more of the derogations listed in the Regulation. Examples of derogations include, an individual giving consent for their data to be transferred; if a transferis necessary for the conclusion or performance of a contract; or for exercising defence in legal proceedings. If you would like any further information please contact the Solicitor responsible for your matter.
How long will we store your personal data?
We only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. We will keep client files for seven years from the date that they are closed, except those papers that you ask to be returned to you. We keep files on the understanding that they can be destroyed after this retention period, unless there is an outstanding debt on the account.We will not destroy documents you ask us to deposit in safe custody or a will that we prepared for you. More detailed information is contained within our data retention policy, which is available on request.
We rely on your explicit consent to process information in relation to marketingand non-matter related communications. You provide this consent when you opt-in onthe “Supplemental Sheet incorporated in the Terms of Business of Antony Clapp Solicitors” document you sign and return instructing us to work on your behalf. You have the right to withdraw this consent at any time, but this will not affectthe lawfulness of any processing activity we have carried out prior to you withdrawing your consent. You can opt-out by emailing firstname.lastname@example.org or writing to us at our registered address, the details of which can be found on page one.
Under the General Data Protection Regulation,you have a number of important rights that you can exercise free of charge.
In summary, these are:
For us to provide you with details of how we use your personal data and fair processing of your information;
For us to give you access to your personal information and other supplementary information;
For us to correct any mistakes or complete missing information we hold on you;
For us to erase your personal information in certain circumstances;
For us to give you a copy of the personal information you have provided to us (or have this information sent to a third party) in a structured, commonly used and machine readable format;
For us to restrict our processing of your personal information in certain circumstances;
For you to object at any time in relation to the processing of your personal information for direct marketing;
For you to object, in other certainsituations, to the continued processing of your personal information;
For you to request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual's rights under the GDPR. If you want to exercise any of these rights, please email, call our write to us by using the contact details listed on page one. However, in order for us to be able to act on your request you will need to:
Let us have proof of your identity and address, either in original or certified copy format, for example:
current, valid full passport (certified copies must show nationality, place and date of birth, passport number, expiry date, photograph and signature)
current, valid full UK photo-card driving licence with signature or ‘old style’ driving licence
current, valid UK photo-card provisional licence
Northern Ireland Voter’s Card showing your current address
Armed Forces ID Card
State the right or rights that you wish to exercise.
We will respond to you within one month from when we receive your request. Please note if you wish to unsubscribe from any email you can do so by writing or emailing us, the details for which can be found on page one. It may take up to 14 working days for this to become effective.
How to make a complaint?
Wehope that you are happy with our service and that we can resolve any issues or complaints that arise. Please get in touch if you have any concerns (see ‘Get in touch’ below).
The General Data Protection Regulation also gives you the right to lodge a complaintwith a supervisory authority, in particular in the European Union (or European Economic Area). You will need to state where you work, normally live or where the alleged infringement of data protection laws occurred. The UK supervisory authority is the Information Commissioner’s Office, who can be contacted at https://ico.org.uk/concerns/.
The information we collect and retain about you can be held by usin either hard-copy or electronic format.
Our electronic protection measures are as follows:
Computers are locked or turned off at the end of the day by all users.
All workstations have antivirus software that is monitored centrally and provides email and website real time scanning and blocking.
Access to data is securedvia usernames, complex passwordsand ifnecessary, a lockout mechanism.
Installation of a network intrusion prevention system, spam email filtering and virus protection software.
A fully encryptedsystem backup to a UK cloud storage system owned, controlled and managed by our IT providers.
An encrypted connection to acloud based electronic practice management system which holds and backs up data inUK based data centres.
Our security measures of your information stored in hard-copy are as follows:
We have a clean desk policy and all personal information is securely stored at the end of each dayin lockable cabinets.
There is a managed and robust system for the security of all office and cabinet keys.
The building has a maintained alarm and access to our offices is protected by coded door locks.
Archived files kept at our offices are stored in a designated secure room.
Archived files kept off-site are stored by organisations that are ISO27001 accredited.
We do not intend to process your personal information for any reason other thanstated within this privacy notice. If this changes, we will inform you by your preferred method of contact.
Changes to this privacy notice
This privacy was published on 28th June 2018 and last updated on the same date. We constantly review our internal privacy practices and may change this policy from time to time. When we do we will inform you by your preferred method of contact.
Get in touch
If you have any questions about this privacy notice or the information we hold about you, please contact us using the details listed on page one of this policy.
If it would be helpful to have this notice provided in another format (for example: in another language, audio, braille) please contact us using the details listed on page one of this policy.