This Privacy Notice explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
For clients of this firm, you should read this Notice alongside our Terms and Conditions which provide further information on confidentiality, data privacy and data disclosure.
The website covered by this Notice is www.rosenberg-and-co.com
This Notice does not apply to any websites that have a link to ours.
Data is collected, processed and stored by Rosenberg & Co Solicitors of 673 Finchley Road, London NW2 2JP. We are the ‘data controller’ for the purpose of the General Data Protection Regulation (GDPR) or any other relevant Data Protection Law.
Rosenberg & Co Solicitors are authorised and regulated by the Solicitors Regulation Authority under number 407587.
If you wish to view our Data Protection Act registration, the Information Commissioner's Office reference is Z8991953.
Our Data Privacy Manager is Stuart Howard Rosenberg of Rosenberg & Co Solicitors who can be contacted by email – firstname.lastname@example.org
Our website and services are not aimed specifically at children because in legal work children are generally represented by their parents or guardians. If you are a child and need further advice or explanation about how we would use your data, please email email@example.com
4. THE DATA WE COLLECT ABOUT YOU
The exact information that we will request from you will depend on what you have asked us to do or what we are contracted to do for you.
Personal data, or personal information, means any information about an individual from which that person can be identified.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) nor do we collect any information about criminal convictions and offences.
We may collect, use, store and transfer different kinds of personal data about you as follows:
Identity Data includes your name, marital status, title, date of birth, National Insurance Number, work status.
Contact Data includes your address, email address and telephone number.
Document Data such as copies of your passport, driving licence, utility bills etc.
Financial Data includes bank account, salary and payment card details.
Transaction Data includes details about payments to and from you, and other details of services you purchase from us.
Source of Funds Data - if a transaction is involved, we will need details to support the funding of the transaction and how the funds came to be accumulated in order to comply with our obligations under Anti-Money Laundering Regulations.
As part of our Anti-Money Laundering Procedures, we may carry out on-line searches to assist us in verifying your identity and any related parties to the matter or transaction. We may use companies within the EEA or globally to assist with these obligations but will ensure that these parties keep personal information safe whilst in their possession.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
Profile Data includes your feedback and survey responses.
5. SOURCES OF INFORMATION
Information about you may be obtained from a number of sources, including:
You may volunteer the information about yourself by filling in forms or by corresponding with us by phone, email or otherwise. This includes personal data you provide when you request information from us about our services or give us some feedback.
You may provide information relating to someone else – if you have their authority to do so.
We may obtain information from publicly available sources.
Non-identifiable information on you may be collected on our website.
Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these organisations can be:
· Banks or building societies.
· Panel providers who allocate legal work to law firms.
· Organisations that have referred work to us.
· Financial institutions who provide your personal records/information.
Other professional service firms such as accountants or independent financial advisers.
Financial and Sanctions screening providers.
6. WHY WE NEED YOUR DATA
The primary reason for asking you to provide us with your personal data is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work – or to respond to requests for information such as providing a quote.
Under Data Protection law, we can only use your personal data if we have a proper reason for doing so, eg:
To comply with our legal and regulatory obligations;
For the performance of our contract with you or to take steps at your request before entering into a contract;
For our legitimate interests; or
You have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as it is not overridden by your own rights and interests.
The following are some examples, although not exhaustive, of what we may use your information for:
Verifying your identity and establishing the funding of any transaction you have asked us to carry out. This may involve us asking about how you came to accumulate the funds that are being used in your transaction. Where funding is being provided by a family member or a third party, we may need to ask you to obtain information from them and personal information provided to us will also be subject to the terms of this Privacy Notice;
Communicating with you.
Obtaining insurance policies on your behalf.
Processing your legal transaction.
Keeping financial records of your transactions and the transactions we make on your behalf.
Seeking advice from third parties in connection with your transaction.
Responding to any complaint or allegation of negligence against us.
Providing updates and ID information to third parties connected to your transaction when this is in your interests and there is no disadvantage to you by so doing.
Internal Management and Planning which includes: resource management, planning of tasks and meetings, keeping records of sources of work and new enquiries and storage and archiving of files and documents.
Screening for financial and other sanctions or embargoes
Marketing our services to you as a client or former client.
7. WHO HAS ACCESS TO YOUR DATA
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within Rosenberg & Co Solicitors. However there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:
HM Land Registry to register a property.
HM Revenue & Customs, e.g. for Stamp Duty Land Tax Liability.
Solicitors acting on the other side of your matter.
Court or Tribunal.
Asking an independent Barrister or Counsel for advice or to represent you.
Estate agents, mortgage brokers, developers, accountants and other professional service firms.
Non-legal experts to obtain advice or assistance.
Contracted Suppliers eg our Accounts Package provider.
External auditors or our Regulator, e.g. SRA, ICO etc.
Bank, Building Society or other Lender providing your mortgage finance.
Solicitors and insurers representing our interests in the event of a claim against us by you.
Providers of identity verification and assurance tools, including electronic Anti -Money Laundering checks.
Any disclosure required by law or regulation such as the prevention of financial crime and terrorism.
If there is an emergency and we think you or others are at risk.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
8. SHARING OF DATA
We do not share personal information with third parties unless we need to do so. Data may be shared to complete a client's legal work and as required by law.
We never sell your personal information to third parties.
9. DATA PROTECTION AND SECURITY
We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.
We have technological and operational security policies and procedures in place to protect your data from loss, misuse, alteration or unintentional destruction.
Our personnel who have access to the information have been trained to respect your confidentiality and to look after the data in our possession.
10. DATA TRANSFERRED OUTSIDE THE EEA
Where possible, your personal information will be processed within the EEA.
To the extent that we are able, we will prevent this occurring, but this may not always be possible.
We will ensure that if your data is transferred to a country or territory outside the UK or EEA that has not received a binding adequacy decision by the European Commission or a competent national data protection authority, then such transfer will be subject to appropriate safeguards that provide an adequate level of protection in accordance with the EU General Data Protection Regulations or any subsequent UK enactment.
11. VISITORS TO OUR WEBSITE
You can gain access to most of our website without giving us your personal information. However, where you have the option to provide us with your personal information through our website, you consent to our use of it as set out in this Privacy Notice.
We may use your personal data to send you updates (by email or post) about legal developments that might be of interest to you and/or information about our services (including exclusive offers), promotions or new services.
We have a legitimate interest in processing your personal data for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by contacting us in any of the following ways:
by email to firstname.lastname@example.org
by post to Stuart Rosenberg, Rosenberg & Co Solicitors, 673 Finchley Road, London NW2 2JP.
using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future or if there are changes in the law, regulation, or the structure of our business.
13. AUTOMATED DECISION MAKING
We do not use your information for automated decision making.
14. IF YOU FAIL TO PROVIDE PERSONAL DATA
When we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel the contract you have with us but will notify you if this is the case at the time.
15. YOUR DUTY TO INFORM US OF ANY CHANGES
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes your relationship with us.
16. HOW LONG WILL WE KEEP YOUR INFORMATION FOR
Information may be held in computers or manual files.
We only retain the information for as long as is necessary:
to carry out your work;
as is required to be kept by law;
for a minimum of seven years from the conclusion of closure of your legal work in case you, or we, need to re-open your case for the purpose of defending complaints or claims against us.
to comply with any client instructions to extend the retention period in relation to their documents.
to fulfil the purposes for which the information was collected.
Deeds related to unregistered property are kept indefinitely as they evidence ownership.
In some circumstances you can ask us to delete your data - see Paragraph 17(c) below for further information.
17. YOUR RIGHTS UNDER THE GDPR LEGISLATION
(a) Right of Access to your personal data
You are entitled to access your personal data (otherwise known as a 'right to access'). If you wish to make a request, please do so in writing addressed to our Data Privacy Manager, Stuart Rosenberg; or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth etc - but it does not mean you are entitled to the documents that contain this data. A subject access request will not normally result in you getting a copy of a file because the focus of the documents it contains are likely to be the transaction or legal matter rather than your personal data.
(b) Right of Rectification of your personal data
You may request rectification of the personal data that we hold about you.
This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
(c) Right to erasure of your personal data
This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Please note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(d) Right to restrict processing of your personal data
This enables you to ask us to suspend the processing of your personal data in the following scenarios:
(i) if you want us to establish the data’s accuracy;
(ii) where our use of the data is unlawful but you do not want us to erase it;
(iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
(iv) you have objected to our use of your data but we need to verify whether we have
overriding legitimate grounds to use it.
(e) Right to object to processing of your personal data
You have the right to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
You also have the right to object where we are processing your personal data for direct marketing purposes.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
(f) Right to withdraw consent
You have the right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Depending on the nature of the request, we will comply with it to the fullest extent possible, but in some cases, this could mean that we are unable to continue with your matter, in which case work would cease at the earliest opportunity, but you would remain liable for the fees and disbursements incurred to date.
18. COMPLAINTS ABOUT THE USE OF YOUR PERSONAL DATA
Please contact Stuart Rosenberg if you have any complaint or concern over how your data will be used. He will acknowledge your complaint and reply to your concerns. If you are not satisfied with the response, the UK regulator on data protection issues is the Information Commissioner’s Office. Their telephone number is 0303 123 1113 and their website is www.ico.org.uk.
19. JURISDICTION AND APPLICABLE LAW
The English courts will have exclusive jurisdiction over any claim arising from or related to a visit to our website or a data breach. However, we retain the right to bring proceedings against you for breach of these website conditions in your country of residence or any other relevant country.