The EU's General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018 both apply from 25 May 2018.
We are sending you this privacy notice to ensure transparency regarding our client data in terms of what information is held, how it is stored, why we hold it, and what we do with it. This notice tells you what we do with your personal information when you make contact with us or use one of our services.
In providing you with legal advice, we will process and store your personal information, which may include special category data such as health details. We have legal and professional obligations to keep your personal information and special category data confidential. We comply with UK and EU data protection laws and with the Solicitors Regulation Authority rules on client and data confidentiality.
We are committed to keeping your personal information secure. We have put in place physical, electronic and operational policies and procedures designed to safeguard and to secure the information we collect and hold.
The information we hold about you may include personal information and special category data. It will typically include:
We do not provide services directly to children or proactively collect their personal information. However, we are sometimes given information about children while handling a matter. The information in the relevant parts of this notice applies to children as well as adults.
The data we hold will have come from:
It is very important to ensure that we hold up to date information, so please remember to tell us about any of the following as soon as possible:
We will process your data only for the purpose of providing you with the legal services described in the enclosed client care letter. If the scope changes, we will tell you. With your consent, we may also use the data for advising you of our other products and services which we think may be of interest to you.
We will never sell your personal data to anyone.
We may share information about you:
This may involve them handling your personal information. The firm requires all third parties to sign a confidentiality and compliance document to confirm that your data is protected.
The legal bases we rely on to process your personal data are as follows:
If the information you provide us contains special category data, such as health, religious or ethnic information the legal basis in GDPR we rely on to process it is:
Whilst we store our data in the United Kingdom (or the European Economic Area, to which equivalent protections apply) we will, with your consent, transfer your data to third countries if your matter requires. For example, if you are a resident of China, we will email you there. You must be aware that third countries do not offer the same degree of protection as the UK and in particular email correspondence might be subject to government surveillance or other interception or monitoring. We are not responsible for data security in third countries. If requested we will agree suitable password protection for email correspondence.
Under data protection law, we need to tell you about your rights. Those available to you depend on our reason for processing your information:
We will keep your information for only as long as necessary and in accordance with UK and EU law. We will retain your file for at least 7 years. Even if your matter does not complete, the Money Laundering Regulations 2017 require us to keep evidence of your identity, with supporting documentation, for 5 years after we complete our work for you.
We take great care of our clients' data. We have robust data protection and information security policies. Our database is encrypted, and backed up frequently. All our systems are password-protected, with appropriate anti-virus and other security measures. Access is on a need-to-know basis only. We do not set out bank details in emails.
We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact our Data Protection Officer at dpo@chevallegal.co.uk and we'll investigate and respond in accordance with our complaints procedure.
If you remain dissatisfied, you can complain about the way we process your personal information to the Information Commissioner. You should do this within three months of our response.
You can contact the Information Commissioner's Office:
By phone: 0303 123 1113 or 01625 545745
By email or live chat on the ICO website: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/
By post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
You should also write to our Data Protection Officer if you would like a copy of the personal information we hold about you, or to ask us to correct any inaccurate information, or to remove (where justified) your personal information from our records.
Cheval Legal Limited