As part of furthering your case we, Tudur Owen Roberts Glynne & Co (this includes Edward Jones a’i Fab) will gather, process and collect data about you. We are the Data Controllers of your personal information. We are a firm of solicitors and we are regulated by the Solicitors Regulation Authority.
The Types of Data that we may hold:
The information that we hold about you may be obtained from a number of sources, for example:
• You may have provided information yourself
• You may have provided us with information about someone else – if you have the authority to do so
• The information may have been received from third parties so that we can undertake your legal work on your behalf.
Typically these organisations can be:
• Banks or building societies
• Organisations that have referred work to us
• Medical or financial institutions – who provide your personal records / information
Why the Data is held:
The data collected will then be held on our file (both paper and electronic) and used to deal with your case as part of our contractual obligation to you.
The main reason for asking you to provide us with your personal data is to enable us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.
The following are some examples of what we may use your information for (the list is not exhaustive):
• Checking your identity
• Checking the source of monies
• Communicating with you
• To establish funding of your matter or transaction e.g. applying for Legal Aid on your behalf
• Obtaining insurance policies on your behalf e.g. indemnity policies in a conveyancing transaction
• Providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or completing transactions
• Keeping financial records of your transactions and the transactions we make on your behalf
• Seeking advice from third parties; such as legal and non-legal experts e.g. surveyors, actuaries, psychologists
• Responding to any complaint or allegation of negligence against us
Who has access to your Data:
Generally, we will only use your information within the firm and where necessary to further your case. Depending upon the nature of your case we may need to disclose some information to third parties. The following is a non-exhaustive list of who may have sight of your data:
• HM Land Registry to register a property
• HM Revenue & Customs e.g. for Stamp Duty Liability
• Welsh Revenue Authority e.g. for Land Transaction Tax
• Court or Tribunal Service
• Solicitors acting on the other side
• Barrister or Counsel appointed to represent your interests, whether for advice or to represent you at Court
• Non legal experts to obtain advice or assistance e.g. psychologist, surveyor
• Translation Agencies
• Contracted Suppliers e.g. IT support, case management system
• External auditors or our Regulator; e.g. the Legal Aid Agency, Lexcel, Solicitors Regulation Authority, Information Commissioners Office etc.
• Bank, Building Societies and mortgage lenders; or other financial institutions
• Insurance Companies
• Providers of identity verification
• Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
• If there is an emergency and we believe that you or others are at risk
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
What happens to your Data:
We understand that your information is valuable and needs to be protected. We will take all reasonable measures to protect it whilst it is in our care.
We have in place security measures to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
We use computer safeguards such as firewalls and anti virus support and we enforce, where possible, physical access controls to our buildings and files to keep data safe. Checks are undertaken and staff training provided.
What happens to your Data at the end of your case:
At the conclusion of the case we shall be writing to you to let you know what will happen to the data that we then hold. As a minimum, we will hold your data for 6 years from the date that the matter is concluded or the file closed.
The length of time that the data will be held will depend upon the nature of your case. The data will need to be held for as long as this is necessary in order to fulfil our contractual obligation to you. In some cases the data will be held for longer than 6 years or even held indefinitely. Examples of files that may be kept indefinitely are original Title Deeds (only where the property is unregistered), original Wills and associated papers and some personal injury matters.
The data will be stored within a paper file that will be archived and also electronically e.g. within our case management system.
You have the right to be informed about how we use your personal data and that is why this Privacy Notice is being sent to you.
You have the right to make a Subject Access Request. The request must be made in writing or via email and the request should give your name, address, email address(if relevant), your telephone number, the reference for your file(s) (if possible), the dates that you instructed this firm(even if only approximate), the solicitor/fee earner(s) who dealt with your case and whether you are seeking any specific information.
We will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Please note that under a Subject Access Request you are only entitled to the personal information that we hold about you. It does not mean that you are entitled to the actual documents that contain the data. You would not be entitled under a Subject Access Request to receive information held on file regarding a third party e.g. another party in your case. Any information that refers to a third party would have to be redacted i.e. blocked out.
We would have to supply the data within 30 calendar days.
You have the right to have your personal data rectified if it is inaccurate or incomplete although we may in some circumstances request documentary evidence to verify. If the incorrect personal data has been disclosed to a third party we will inform that third party of the rectification, where possible.
You have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
• Where you disagree with the accuracy of the data – we should restrict the processing until we have verified the accuracy of that data
• Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
• Where processing is unlawful and you request restriction
• If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim
You can request that the data that we hold about you be destroyed although please note that we may still be able to retain copies of the data under certain circumstances where there are compelling reasons for its retention e.g. as the matter has not yet been concluded, to defend a claim or deal with a complaint and in order to try to avoid a conflict of interest from arising in the future.
You can complain about how we have handled your personal data. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). You can contact them by calling 0303 123 1113 or by visiting the website www.ico.org.uk/concerns.
Changes to this privacy notice:
We constantly review our internal privacy practices and may change this policy from time to time. Any updates we make will be posted on our website and we may notify you by email. The website can be found at www.tudurowen.co.uk
Who to contact:
You should send your request in writing to Meleri Glyn Jones at Tudur Owen Roberts Glynne & Co, Moreia, South Penrallt, Caernarfon, Gwynedd, LL55 1NS.
Contracted with the Legal Aid Agency
- Authorised and regulated by the Solicitors Regulation Authority under Nos. 650937, 74843, 74844, 74845 and 74846