This policy covers Thomas Simpson Solicitors Ltd’s use of personal information.
If you provide us with any personal data we may use it to provide you with any further information or services you have requested. We may also use it for any other purpose for which you give your consent. For example, we may send you additional information about the firm or its services in pursuit of our legitimate interests or if you have consented to us doing so.
- the personal information we collect about you
- what we do with your information, and
- with whom your information might be shared.
What do we do with the information you supply to us?
From time to time, you will be asked to submit personal information about yourself (e.g. name, address, email address and mobile telephone number) in order to receive or use our services and to enable us and our service providers to provide you with the services you require.
If you are aged 16 or under, you will have to obtain your parent’s/guardian’s permission beforehand.
Whenever you provide such information, we will treat that information in accordance with this policy. When you supply personal information to us we have legal obligations towards you in the way we use such data. We must collect the information fairly and tell you if we want to pass the information on to anyone else.
Any information you provide will only be used within our firm and by its agents, service providers and its regulators and auditors. Your information will also be disclosed where required by law.
How we use the data you supply
Please note that we cannot guarantee that any email sent from you to us will be received by us or that its contents are or will remain secure during or following transmission. Also we cannot guarantee that emails sent by us to you are secure. If you have any concerns about the security of email transmissions to or from us, you may prefer to telephone or write to us instead. It is very important that you do not send your bank details to us by email and never act on instructions purporting to come from us by email containing bank account details
Who we are
Thomas Simpson Solicitors is a ‘data controller’ for the purposes of data protection legislation (i.e. we are responsible for and control the processing of your personal information)
We are based in the United Kingdom and do not have equipment outside of the UK which is used for processing personal data.
What information do we collect?
If you submit an enquiry (whether by telephone, in person, in writing, by email or via our website) then we will hold your email details and any information you provide. We will use and keep (process) this information so we can respond to your enquiry. If you instruct us to act for you, then we will use the information you provide in order to progress your matter or case and it will be kept until its conclusion with any papers being securely archived and then confidentially destroyed in accordance with our regulatory and legal requirements.
Personal information provided by you
We collect personal information about you (such as your name, address, date of birth, email address, telephone contact numbers) when you contact us. We also collect personal information when you contact us or send us feedback via the website or social media.
Personal information provided by third parties
Occasionally we may receive information about you from other sources (such as the local authority or government agencies, or police), which we will add to the information we already hold about you in order to help us provide our services to you.
Personal information about other individuals
If you give us information on behalf of someone else, for example when you are a guardian or parent of a child (which can be someone of 16 or under) or you act as a deputy or attorney, you must confirm that the other person has appointed you to act on their behalf and has agreed that you can:
- give consent on their behalf to the processing of their personal data;
- receive on their behalf any data protection notices;
- give consent to the transfer of their personal data abroad; and
- give consent to the processing of their data that falls within the special categories, such as information relating to health and sexual orientation.
Special categories of personal information
We may ask you to provide sensitive personal information as part of your matter or case. If we request such information, we will explain why we are requesting it and how we intend to use it. We will only request this type of personal information with your explicit consent and for the purposes of progressing your matter or case.
Special categories of personal information include information relating to:
- your ethnic origin
- your political opinions
- your religious or philosophical beliefs
- whether you belong to a trade union
- your health
- your sex life or sexual orientation, and
- your genetic or biometric data which identifies you
We may also request information concerning criminal convictions and offences for the purposes of representing you in a matter or case being dealt with at a court.
Monitoring and recording communications
We reserve the right to monitor and record communications with you (such as telephone conversations and emails) for the purposes of representing you, quality assurance, training, fraud prevention and compliance.
How will we use the information about you?
We use the information about you primarily for the provision of legal services to you and for related purposes so that we can:
- identify you and manage any matters or cases that you have with us;
- update and enhance client records;
- process your requests;
- let you know about other products or services that may be of interest to you;
- detect and prevent fraud;
- do an online identity check;
- make statutory returns;
- comply with our legal and regulatory obligations;
- notify you of any changes to our services that may affect you; and
- improve our services.
Our use of that information is subject to your instructions, data protection law and our duty of confidentiality.
Who your information might be shared with
Please note that our work for you may require us to pass on such information to third parties such as expert witnesses, medical professionals and other professional advisers, including sometimes advisers appointed by another party to your matter. We may also give such information to others who perform services for us. Our practice may be audited or checked by our accountants or our regulator or by other organisations. All such third parties are required to maintain confidentiality in relation to your files.
Examples of those to whom we may disclose your personal data are:
- our agents and service providers. Please see the table below for examples.
- online identity check agencies
- law enforcement agencies in connection with any investigation to help prevent unlawful activity
- our banks in connection with the progress of your case or matter
- your representative such as a parent or guardian or attorney
|Examples of our Agent/ Service providers||Why we share your personal data|
|HMRC||For tax payments or tax status|
|Solicitors Regulation Authority||This is our regulator and they have powers to inspect our files at any time or to request information relating to them|
|The Law Society & its audit bodies||In connection with our Law Society accreditations|
|Our IT maintenance provider and our case management software supplier||Our case management software provider hosts and controls our client database. They may need access to our systems including client management software (which holds your details) in order to rectify problems to assist us with software problems and reporting|
|Experts||To give opinions or advice or evidence in your case or matter|
|Barristers||As above and also to represent your case at a hearing|
|Solicitors acting on our behalf||To represent your case at a hearing when we are not able to attend|
Keeping your data secure
We use technical and organisation measures to safeguard your personal data, for example:
- access to electronic data about your case or matter is controlled by a password and user name unique to your adviser in the firm. Paper records including original wills are held in secure cabinets and are only taken out of the office when required for specific reasons such as for meetings or a court hearing;
- we store your personal data on secure servers; and
- for those matters involving court hearings, details are accessed via secure court portals and laptops used for these hearings are encrypted
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
What can I do to keep my information safe?
If you want detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
Transfers of your information out of the EEA
We do not normally copy your personal information to anyone outside the European Economic Area. However, we may need to transfer your personal data to countries, some of which may be located outside the European Economic Area, for the purpose of performing a contract with you or to make enquiries at your request. This will be in connection with your matter or case. Rest assured that when we are aware of this we will check with the ICO to ensure any transfer is subject to appropriate security measures to safeguard your personal data. Please note that personal data transferred to the United States may not have adequate levels of protection. If protections are not considered adequate then we may also seek your explicit consent to the proposed transfer. This might arise for example where a beneficiary of a deceased’s estate lives in such a country. If you access or send us information from abroad, then this will be at your own risk.
What rights do you have?
Right to request a copy of your information
You have a right of access under data protection law to the personal data that we hold about you. You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy, please:
- email, call or write to us (see ‘How can you contact us?’ below)
- let us have proof of your identity and address (we prefer your current driving licence or passport and a recent utility or credit card bill), and
- let us know the information you want a copy of, including any account or reference numbers, if you have them
Unless your request is manifestly unreasonable, unfounded or excessive (e.g. because it is repetitive – and we may then refuse to act on the request) we will not make a charge for this service. Unless you request otherwise, we will provide the information electronically. Information provided will be written in clear and plain language, concise, transparent, intelligible and easily accessible. (Some documents may be written or presented in a particular way for legal reasons and if you request we will provide a short explanation to help you understand them.)
We will provide this information without undue delay and in any event within one month of the request, although we may extend the period by two further months where necessary taking in to account the complexity and volume, but we will let you know if this is going to be the case.
Right to correct any mistakes in your information
We are committed to holding personal data that is correct and up to date. You can require us to correct any mistakes in your information which we hold. This will be done free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below)
- let us have enough information to identify you (e.g. matter number, your name and ID details), and
- let us know what is incorrect and what it should be replaced with
If we have provided the personal data to third parties, we will let you know who this is and inform them of the rectification required where possible. We will make the rectification without undue delay and within one month. If it is a complex request we may have to extend this by two months, but again, we will let you know if this is going to be the case.
Right to erasure (“right to be forgotten”)
You have the right to ask us to erase personal data without undue delay in certain circumstances, such as your wish to withdraw consent to us processing it for marketing purposes. However, this does not apply if we are required to comply with a legal obligation or if the processing is necessary for the establishment, exercise or defence of legal claims. Please note that even after your case or matter is finished, we have legal obligations to keep personal data for longer and we will inform you of the time applicable.
Right to restrict processing
You have the right to block or suppress processing of personal data. For example, this may be because you contest the accuracy of the personal data we hold or you object to us processing it. Please be aware that restricting your data in this way may mean that we will no longer be able to act for you. We are also able to continue to process personal data for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
Right to data portability
This right allows you to obtain and reuse your personal data by moving, copying or transferring it from one IT environment to another. This applies when we are processing your data based on consent or under a contract and it is carried out by electronic means. If so, we will provide this data free of charge in a structured, commonly used and electronically readable form.
Right to object
You can object to us processing personal data for marketing purposes or where it is used in connection with our legitimate interests. Unless we are processing this data for the performance of a legal task, or for a compelling legitimate ground which overrides your interests, rights and freedoms, we will stop processing your personal data.
Right to complain
If you have a concern about the way your personal data has been handled by us please let us know so that we can help. In addition, you have the right to complain to the ICO. The contact details are on the ICO website www.ico.org.uk where you can start a Live Chat or send an email (email@example.com) or you can call the Help Line 0303 123 1113 (+44 1625 545 745 if you are outside the UK).
How you can contact us