Our Firm’s Privacy Notice

What is this?

1.       When you deal with D J Webb & Co Solicitors, you trust us with your information. We take privacy seriously and we are committed to protecting the data you provide to us.

2.       This notice explains when and why we collect personal data about you, how this data is used, the conditions under which it may be disclosed to others and how it is kept secure.

3.       This notice may change from time to time so please revisit this page occasionally to ensure that you are happy with any changes.

Who we are

4.       D J Webb & Co is the controller of your personal data when you engage it to provide services to you; this means that D J Webb & Co decides why and how your personal data is processed. D J Webb & Co is registered with the Information Commissioner under registration number Z9234490.

5.       Where this policy refers to ‘D J Webb & Co’, ‘we’, ‘our’ or ‘us’ below, unless it mentions otherwise, it is referring to the particular firm that is the controller of your personal data.

How we collect your personal data

6.       We may collect and process the following information about you in the following ways.

7.       We may receive information about you from you or third parties when we are acting for, or considering acting for, a client and we are required to obtain information about you, for example if you are a beneficiary of an estate or a party or a witness in a case. The information we receive may include your contact details, identification information, financial information, employment information, details included in any correspondence and information about you in connection with any matter on which we are engaged or may be engaged to advise our client. Where we receive information about you, we will only use that information for the purposes of the legal transaction, case or matter (‘matter’).

Information that you give to us

8.       You provide information about yourself when you make an enquiry to D J Webb & Co or ask us to provide legal services to you, or when entering information via our website, opt-in/consent forms, apps or by communicating with us by phone, post, email, ‘live chat’, social media or otherwise. It includes additional information that you provide to us during the course of any matter.

9.       The information you give to us mainly includes your contact details, identification information, financial or billing information, employment information, details included in any correspondence and information about you in connection with any matter on which we are engaged to advise to help us in the course of a transaction or to pursue or defend a case.

Information we receive from other sources

10.     We may receive information about you from third parties. For example:

  • In transactional matters

Law firms, accountants and other professional advisers acting for you where you or our client is a party to such a matter, for example

–       a commercial transaction; and/or

–      due diligence.

  • In litigation, arbitration, mediation and other forms of dispute resolution

Law firms, counsel, experts and other professional advisers acting for you or our client, or from third parties, where you or our client is a party to or otherwise concerned in the course of, for example

–       disclosure, exchange of witness or expert evidence;

–       obtaining employment, health, educational records or reports; or

–       liaising with court and tribunal agents and officials in order to progress or respond to a matter.

  • From financial institutions

Banks, building societies and finance companies, who are clients of ours or from whom we are given or request information, where you are their customer/debtor.

  • From clients acting in a representative capacity

Personal representatives, attorneys, trustees, deputies and litigation friends who may provide us with information in connection with a matter, whether non-contentious or not, in which we are acting for you or a client.

Friends, family members or colleagues who may provide information about you as part of the work we undertake, for example where you are or may be:

–       a beneficiary of an estate or trust;

–       appointed by them in some representative capacity, such as executor; or

–       a party in or a witness to a dispute.

  • From people connected to recruitment

–       Recruitment consultants who may provide information about you to us in relation to a potential job at D J Webb & Co; or

–       Employers who may provide a reference about you to us.

  • From regulatory bodies

–       Regulatory bodies when making regulatory enquiries; or

–       The police when making enquiries into potential criminal offences.

  • From introducers and referrers

–       Professional advisers who may refer your matter to us; or

–       Any other introducer of a matter to us.

11.     We may supplement the personal data collected about you with information from publicly available sources, such as information to validate your identity or address, or to perform a credit check.

12.     The information that we receive about you from others includes contact details, biographical, behavioural, fraud and billing information.

13.     The information that we receive about you from others can include both personal and special category data. Special categories of personal data are personal data about an individual’s:

(a)     race;

(b)     ethnic origin;

(c)     politics;

(d)     religion;

(e)     trade union membership;

(f)      genetics;

(g)     biometrics (when used for ID purposes);

(h)     health;

(i)      sex; and

(j)      sexual orientation.

14.     Criminal convictions or offences must be treated in the same way as special category data.

15.     Data about children will be handled carefully as they require particular protection.

Information we collect about you

16.     We may automatically collect information about you that we may observe, detect or create without directly asking you to provide the information to us. In common with most other businesses, this will mainly include information gathered automatically through your use of our website or online services.

Mandatory information

17.     If you are a client, please note that your provision of documents for identity verification purposes is necessary for us to comply with our legal and statutory obligations. Failure to provide these documents may result in our being unable to undertake identity verification as required by the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and, subsequently, we will not be able to act for you or the organisation instructing us, as applicable.

Type of personal data we process about you

18.     As a legal practice dealing with cases and matters, we may process a range of personal data about you. To make it easier to understand the information that we use about you, we have divided this information into categories and provided a short explanation of the type of information each category covers (please note that not all categories may be applicable to you).

table1.jpg

How and why we use your personal data

19.     We may use the information we collect about you in the following ways:

Where it is necessary for us to perform a CONTRACT with you

20.     We may use and process your personal data where we have supplied you (or continue to supply you) with any legal services, where we have arranged for the supply of another firm’s services to you, or where you are in discussions with us about a particular matter on which you are considering taking advice.

21.     We will use your information in connection with the contract for the provision of services when it is necessary to carry out that contract or for you to enter into it. We may also use and process your personal data in connection with our recruitment activities, if you apply for a position with us (whether directly or through a third party) or send your details to us on a speculative basis.

22.    As we are a law firm seeking to provide legal services for financial remuneration, our necessity to perform this contract is the usual (or default) lawful basis for our processing your personal data. However, there may sometimes be another lawful basis [see paragraphs 23-31 below].

Where we have a LEGITIMATE INTEREST

23.     We may use and process your personal data where it is necessary for us to pursue our legitimate interests as a business for the following purposes:

  • to carry out our conflict checks so we are able to provide services to you;

  • to enter into and perform the contract we have with you or your business;

  • to assess and improve our service to clients or our clients’ customers (where applicable) through recordings of any calls and ‘live chat’ sessions;

  • for the prevention of fraud and other criminal activities;

  • to verify the accuracy of the data that we hold about you and to create a better understanding of you as a client and our clients’ customers (where applicable);

  • to create a profile of you based on any preferences you have indicated to enable us to decide what products and services to offer to you for marketing purposes;

  • to undertake analysis to inform our business and marketing strategy;

  • to manage and deliver internal projects for business improvement;

  • for network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorised access;

  • to comply with a request from you in connection with the exercise of your rights (for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);

  • to assist in the management of queries, complaints or claims;

  • to notify you or your business of changes in the law that might affect you or your business; and

  • for the establishment, exercise or defence of our legal rights.

Where you have provided CONSENT

24.     Where you have given us your consent (via an opt-in consent process), we will use and process your personal data to send you email communications about events, products and news updates and relevant news and announcements [set out in Marketing below]. Such communications may include content on relevant legal updates, seminar and event invitations and other news/announcements.

25.     Please note that your information may be used to send you details of our products or services that we have identified as likely to be of interest to you, based on the preferences you have indicated to us.

26.     We will seek separate and specific consent from you in circumstances where we wish to feature your identity in a published case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.

27.     You have the right to withdraw your consent at any time. Please see ‘Withdrawing your consent’ for further details.

Where required by LAW

28.     Where you engage us to provide legal services to you, we will process your personal data and the personal data of third parties in order to comply with our legal obligations, for example under the Civil Procedure Rules or the Family Procedure Rules. We also have a legal obligation to comply with the SRA’s Standards and Regulations.

29.     It is also a legal requirement for you to provide us with information to verify your identity in connection with anti-money laundering and criminal financing legislation. We will use that information for the purpose of complying with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (or such other legislation that may replace or supersede these Regulations from time to time) unless we have obtained your consent to use it for any other purpose.

30.     We may also use and process your personal data in order to comply with other legal obligations to which we are subject, as follows:

  • to maintain a register of corporate gifts and hospitality to comply with anti-bribery laws;

  • to maintain a record of undertakings where you are either a beneficiary of an undertaking or the person obliged to perform it;

  • to maintain a record of undertakings where [legal practice] is the giver or receiver of an undertaking; and

  • to comply with our other legal and regulatory obligations, e.g. undertaking conflict checks.

In the VITAL INTERESTS of the individual

31.     From time to time when representing individuals who may be troubled, in danger, very young or otherwise unable to exercise due care for their own safety, we may in extreme circumstances use information about you or a person connected with you in order to take action to protect you or them.

Special categories of personal data

32.     We may have to process sensitive personal data (known as ‘special categories of personal data’) about you or others associated with you, for example your family. When we are processing such special category data, in addition to identifying a lawful basis for general processing [see, in particular, paragraphs 20-22 above], we also need to identify an additional condition (or second basis) for processing this type of data. As we are a law firm, the usual (or default) condition on which we would rely is that it is necessary to process your special data in connection with ‘the establishment, exercise or defence of legal claims’. In the alternative, other conditions (or bases) on which it would be appropriate to process special data would be where:

  • we have your explicit consent;

  • it is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent;

  • it is necessary to do so in whenever courts are acting in their judicial capacity; or

  • in exceptional circumstances, another ground for processing special categories of personal data is met.

33.     Where we are not relying on having a ‘contract’ with you for ‘the establishment, exercise or defence of legal claims’ to process your data and where you have instead provided us with explicit consent to use special categories of personal data about you, you may withdraw your consent for us to process this data at any time. Please see ‘Withdrawing your consent’ for further details.

34.     Please note that if you withdraw your consent for us to process special categories of personal data about you, this may impact our ability to provide legal or support services to you.

Others who may receive or have access to your personal data

Our suppliers and service providers

35.     Our work for you, or a client, may require us to provide information to third parties who will use your information for the purposes of providing services to us or directly to you on our behalf. Such third parties may include insurers, for example.

Others involved in your case or matter

36.     Our work for you, or a client, may require us to provide information to third parties such as law firms, accountants, counsel, expert witnesses, medical professionals and other professional advisers, who will use your information in connection with the matter. They may provide their own services directly to you.

37.     Where we are engaged by a third party, such as a bank or lender in connection with your contract with them, we may share information with that third party about the progress of the case.

38.     Any third party to whom we disclose information about you will be under an obligation to keep your information secure and not to use it for any purpose other than that for which it was disclosed unless you agree with them otherwise.

Other ways in which we may share your personal data

39.     We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data if we are under a duty to disclose or share it to comply with any legal obligation, to detect or report a crime, to protect your vital interests, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and clients. However, we will ensure that your privacy rights continue to be protected.

Where we store your personal data

40.     All information you provide to us for our use is stored on our secure servers, which are located within the UK and the European Economic Area (EEA).

41.     The third parties who may receive and have access to your personal data may be located outside the EEA or they may transfer your data outside the EEA. Those countries may not have the same standards of data protection and privacy laws as in the UK, which means additional safeguards must be put in place. Whenever we transfer your data outside the EEA, we impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the UK. We may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing. Any third parties transferring your data outside the EEA must also have in place appropriate safeguards as required under data protection law.

How long we will keep your personal data for

42.     If we collect your personal data, the length of time for which we retain it is determined by a number of factors including the type of data, the purpose for which we use that data and our regulatory and legal obligations attached to its use. We do not retain personal data in an identifiable format for longer than is necessary.

43.     We maintain internally a full schedule of types of data and the specified period of time we will retain this for.

44.     Typically, the retention criteria are as follows for the following data types:

table2.jpg

45.     The only exceptions to this are where:

  • the law requires us to hold your personal data for a longer period or to delete it sooner;

  • you exercise your right to have the data erased (where it applies) and it is not necessary for our firm to hold it in connection with any of the reasons permitted or required under the law (see ‘Erasing your personal data or restricting its processing’); or

  • in limited cases, the law permits us to keep your personal data indefinitely provided we have certain protections in place.

Your rights

46.     You have various rights in relation to your personal data under data protection legislation. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. Except in rare cases, we will respond to you within 30 days from either (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.

Accessing your personal data

47.     We will of course supply you on request with any correspondence written by our firm on your behalf to a third party such as Home Office UKVI. You also have the right to ask for a copy of the data that we hold about you by using the contact details found at the end of this policy. We may not provide you with a copy of your personal data in certain circumstances but, should this be the case, we will explain why we are unable to provide the data.

Correcting and updating your personal data

48.     The accuracy of your data is important to us.

49.     If you change your name or address/email address, or you discover that any of the other data we hold is inaccurate or out of date, please contact us by using the details found at the end of this policy (please use ‘Correcting/Updating personal data’ as the subject heading of your email or letter).

Withdrawing your consent

50.     Where we rely on your consent (rather than contract) as the legal basis for processing your personal data, as set out under ‘How we use your personal data’, you may withdraw your consent at any time. In such a case, please contact us by using the details found at the end of this policy (please use ‘Withdrawal of consent’ as the subject heading of your email or letter).

51.     If at a later stage our firm sends you any information about our products or services, relevant legal updates and other news/announcements but you would like to withdraw your consent to receiving any such email communications as described to which you may have previously opted in, you can of course do so.

52.     If you withdraw your consent, our use of your personal data before you withdraw your consent is still lawful.

Objecting to our use of your personal data and automated decisions made about you

53.     Where we rely on our legitimate interests as the legal basis for processing your personal data for any purpose(s), as set out under ‘How we use your personal data’, you may object to our using your personal data for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are satisfied we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection legislation, we will permanently stop processing your data for those purposes. Otherwise, we will provide you with our justification as to why we have to continue processing your data.

54.     You may object to our processing your personal data for direct marketing purposes (should our firm later engage in direct marketing) and, if you do so, we will immediately comply with your request.

55.     If our firm later engages in automated decision-making (which we do not at present) you may contest a decision made about you based on automated decision making please contact us by emailing or writing to us at the address found at the end of this policy.

Erasing your personal data or restricting its processing

56.     Although this is not an absolute right, in certain circumstances, you may ask for your personal data to be removed from our systems by emailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful basis to continue processing or holding your personal data, we will make reasonable efforts to comply with your request. This right does not apply where we need the need the information for the performance of our regulatory functions, or for example, in connection with the defence of a legal claim.

57.     You may also ask us to restrict processing your personal data where you believe our processing is unlawful, you contest its accuracy, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings. We may only process your personal data while its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

Transferring your personal data in a structured data file

58.     Where we rely on your consent as the legal basis for processing your personal data or have to process it in connection with your contract, as set out under ‘How we use your personal data’, you may ask us to provide you with a copy of that data in a structured data file. We may provide this to you electronically in a structured, commonly used and machine-readable form, such as a CSV file.

59.     You can ask us to send your personal data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal data in certain circumstances but we will explain why we are unable to provide the data.

Complaining to the UK data protection regulator

60.     You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal data. Please visit the ICO’s website (ico.org.uk) for further details.

Security and links to other sites

Security measures we put in place to protect your personal data

61.     The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website, and any transmission is at your own risk. Once we have received your personal data, we have in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration or unauthorised access.

62.     Where we have given you (or where you have chosen) a password that enables you to access any of our online or electronic resources, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.

Links to other websites

63.     Our website may contain links to other websites run by other organisations. Please see our website privacy policy. This policy does not apply to those other websites, so you should read their privacy statements. We are not responsible for the privacy policies and practices of other websites even if you access them using links that we provide, and their security cannot be guaranteed.

64.     If you linked to our website from a third-party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.

Cookies

65.     Like many other websites, our website uses cookies (including Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes to our website). Cookies are small pieces of information sent to your computer and stored on its hard drive to allow our website to recognise you when you visit.

66.     It is possible to switch off or limit cookies by setting your browser preferences.

.

Marketing and other communications

67.     You may in due course elect to receive communications from D J Webb & Co (including information about our products and services, relevant legal updates, seminar and event invitations and other news/announcements) if you indicate to us a preference (‘opt in’) to do so. You may be invited to complete a client consent/opt-in process by email as a result of any of the following:

  • you or your employer becoming a client of D J Webb & Co;

  • your attendance at an event or seminar hosted, or co-hosted, by or with D J Webb & Co;

  • your attendance at a ‘public’ event organised or co-hosted by D J Webb & Co that has been promoted via social media or other advertisement;

  • your providing a business card directly to an employee of D J Webb & Co at (for example) a trade or networking/business event;

  • your registering your brief contact details to obtain information or free downloads from D J Webb & Co website;

  • an email request from you to attend an event we have advertised via social media or on our website or via a third party.

68.     We do not rely on your consent to receive communications indefinitely. You will receive an email from us at intervals of no less than two years where you will be asked to re-confirm your consent and preferences for legal topics and disciplines to ensure that the data we hold about your preferences, and your contact details, are current and accurate.

69.     We may contact you in response to an article or social media promotion that you have carried out.

70.     If you are a client or contact of D J Webb & Co, we may contact you personally to notify you of changes in the law that might affect you or your business, or specific events/information that may benefit you or your business.

71.     We will never share your information with third party partners for their own marketing uses, although we may use service providers to assist us with our own marketing.

72.     If you would like to change your preferences at any point, or wish to withdraw your consent, please visit the D J Webb & Co website to access the preference management centre where you can alter your preferences at any time. Please see ‘Withdrawing your consent’ and ‘Objecting to our use of your personal data and automated decisions made about you’ above for further details on how you can do this.

Contact us

73.     The person responsible for data protection at D J Webb & Co Solicitors is Mr David Webb. Please direct any queries about this policy or about the way we process your personal data to him at the contact details below.

74.     Please write to Mr David Webb at D J Webb & Co Solicitors, 24 Alie Street, London E1 8DE. Mr David Webb’s email address is djwebb@webbimmigration.com. If you also wish to speak to us by telephone, please call 020 7480 5999.