- Who We Are/Accountability
- Sources of Information
- The Use of Your Data
- Disclosure of Your Data
- How Long Do We Keep Your Data For
- Marketing Data
- How We Collect Your Personal Data For Marketing
- Sharing Data
- Data Outside EEA
- Visitors to Our Website
- Inaccurate Information
- Access to Your Personal Information
This notice explains how Susan Howarth & Co Solicitors Ltd protect and process personal data on behalf of clients and others using our services and website.
It also explains the conditions under which we may disclose it to others and how we keep it secure.
Read this data privacy notice to understand why data is collected and what we do with it once it is in our possession.
For clients of the firm you should read this notice alongside our general Terms and Conditions which provide further information on confidentiality, data privacy, etc.
The website covered by this notice is Susan Howarth & Co Ltd. This Notice does not apply to any websites that may have a link to ours.
1. Who We Are/Accountability
Data is collected, processed and stored by Susan Howarth & Co Ltd of 41 Chesterway, Norhwich, Cheshire, CW9 5JE. We are known as the Data Controller of the personal information you provide to us.
Susan Howarth & Co is a limited company authorised and regulated by the Law Society under number 7959383. We are registered with the Information Commissioners Office under registration number Z8322657.
Our website and services are not aimed specifically at children because in legal work children are generally represented by their parents or guardians. If you are a child and need further advice or explanation about how we would use your data, please email Anne Davis on email@example.com.
The information/data that we require and the exact information that we will request from you will depend on what you have asked us to and what we have contracted to do for you. The Data Privacy Notice is intended for clients and prospective clients only.
We will usually require your full name, address, gender, date of birth and contact details. If a transaction is involved, we may require your banking details and depending on the type of transaction, we may require some sensitive personal data. Sensitive data may include your racial or ethnic origin, religion, health or criminal convictions, religious beliefs, trade union memberships, sexual life, alleged or actual criminal activity and criminal records, genetic or data,biometric data used to uniquely identify an individual.
To comply with our legal obligations, we must verify the identity of clients and therefore we will require you to provide copies of certain documents and to respond to certain queries that we may have. If a transaction is involved, we will be asking about the source of any funds and requesting supporting documentation. We will carry out as part of this process an online search to assist us in verifying your identity. We are unable to proceed with your work until these checks have been completed. Once we have concluded working on your behalf your file will be archived for at least 7 years as set out in our Terms and Conditions of Business.
3. Sources of Information
We may obtain information about you from a number of sources :-
- You may volunteer the information. This could be verbally, in writing (letter, email, fax).
- You may provide information relating to someone else (but you must have the authority to disclose personal data if it relates to someone else).
Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these organisations can be :-
- Banks or Building Societies
- Panel providers who allocate legal work to law firms
- Organisations that have referred work to us (e.g. Cheshire Without Abuse)
- Other professional firms e.g. Accountants, Financial Advisers, Solicitors, Barristers.
4. The Use of Your Data
The primary reason for asking you to provide personal data is to allow us to carry out your requests, for example to represent you and carry out your legal work, to provide a quote.
Some examples of what we use your information for are :-
- Verifying your identity.
- To verify and establish the source of funds for any transaction that you have asked us to carry out on your behalf.
- To detect fraud.
- To communicate with you.
- To provide you with our advice and process your legal transaction to carry out litigation on your behalf, attend hearings on your behalf, prepare documents or to complete a transaction.
- Keeping financial records of your transaction and the transactions we make on your behalf. Please note we do not store payment card information.
- Seeking advice from third parties in connection with your matter.
- Responding to any complaint or allegation of negligence against us.
- Assisting with the funding of your matter if it involves Public Funding/Legal Aid or No Win No Fee.
5. Disclosure of Your Data
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell, or rent your information to third parties. We will not share your information with third parties for marketing purposes.
During the course of carrying out your legal work we are likely to need to disclose some information to parties outside of Susan Howarth & Co Ltd disclosing this to third parties. Examples of when we may need to disclose your personal data might be providing your information to :-
- HM Land Registry to register a property
- HM Revenue & Customs i.e. Stamp Duty, Tax liability
- Court or Tribunals
- Solicitors acting for the other side or Solicitors involved in your matter in some other way
- Accountants, Barristers, seeking advice from them or representation
- Medical experts/non legal experts
- Bank, Building Society or other lenders providing mortgage facilities
- Translation agencies
- Contract suppliers
- Insurance companies to fund No Win No Fee i.e. Iceberg
- Any Consultants providing independent quality checks for your file
- External auditors or our regulator, e.g. Lexcel, SRA, ICO, Legal Aid Board etc
- Solicitors account rules
- Auditors (currently Bennett Brooks) as part of their regulatory checking on behalf of the Solicitors Regulation Authority and/or the Solicitors Regulation Authority themselves
- Insurance company
- Providers of identity verification
- Any disclosure required by law or regulation such as the Prevention of Financial Crime and Terrorism
- Solicitors representing our interest in the event of a claim by you
- If there is a risk of harm to you, others or a child.
We will ensure that any third parties with whom we share your data comply with our instructions and they do not use your personal information for their own purposes, unless you have explicitly consented to them doing so.
There are some uses of personal data that require your specific consent. If this is the case, we will be contacting you to explain what they are and to ask for your consent which you are free to withdraw at any time.
6. How Long Do We Keep Your Data For
Information may be held in computers or manual files. We only retain the information for as long as it is necessary to undertake the work on your behalf that you have instructed us to do, as is required to be kept by law until the period you could make a claim against us has lapsed which is usually 7 years after the matter has concluded or if we act for a child under 18, they have reached their 25th birthday. If we have acted in a matter in which you have suffered mental impairment, or a provisional award has been made then the file can be kept for up to 100 years from the date of birth for the duration of a period a Trust plus 6 years. Wills and related documents may be kept indefinitely. Probate matters where there is a surviving spouse or civil partner are retained until the survivor has died in order to deal with transferable inheritance tax allowance. Deeds relating to unregistered property are kept indefinitely as they are evidence of ownership. Some information or matters may be kept for 16 years such as commercial transactions, sale of leases, matrimonial matters (financial orders or maintenance agreements, etc). Information obtained from prospective clients is kept up to 2 years for the purpose of providing quotations and any subsequent follow up.
7. Marketing Data
This marketing communication may be provided to you by social media channels, email or post. We will never send marketing communications via SMS or call you without your specific consent, nor do we ever pass on or sell your details to a third party.
We use MailChimp as an online marketing tool, whose servers and offices are located in the United States, hence your information may be transferred to, stored, or processed in the United States. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework.
Mailchimp are committed to subjecting all Personal Information received from European Union (EU) member countries in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.
8. How We Collect Your Personal Data For Marketing
The following are examples, although not exhaustive, of how we collect your data :-
- Sign up to receive our Newsletter
- Following, liking, subscribing to social media channels
- Take part in one of our competitions or promotions we run on our social media channels/website
- Agree to fill out questionnaire or survey on our website
- Ask us a question or submit any query or concerns you have via email on our social media channels
- Post information to our website or social media channels, for example when we offer you the option for you to comment on or join in any discussions
- When you leave us a review on google/our website
- When you submit an online enquiry
- When we collect your personal data you will be provided with the opportunity to “opt in” to receive marketing communication from us. We hope that you will provide this information so that you find our communications useful, but if you choose not to, please be assured this will have no affect on accessing our legal services.
The following are examples (but not exhaustive) of how we may use your personal information for our legitimate business interests.
To prevent fraud :-
- Direct marketing
- Network and information system security
- Data enhancing, modifying or improving our services
- Identifying usage trends
- Determining the effectiveness of promotional campaigns and advertising
9. Sharing Data
We will not share your personal information/data with third parties unless we need to do so. Data may be shared only to complete your legal work as required by law. As your information will be stored on computer it could be shared with our system maintainers for fault diagnostics, but we will take steps to protect your data should third parties access be required. We will never sell your personal data or information to third parties.
10. Data Outside EEA
Where possible your personal information will be processed within the EEA. We do not anticipate the information needing to be processed outside. The only exception to this will be marketing data see section 7 Marketing Data above. However, if for any reason we need to disclose your data to companies physically located outside of the EEA, for example in the United States, the same high level of security precautions will be employed to keep your personal data safe and we will obtain your express consent before sharing your data outside of the EEA.
11. Visitors To Our Website
When someone visits our website we use third party Service Google Analytics to collect standard internet log information and details of visitors behaviour pattern so can make improvements. This information is only processed in a way that doesn’t identify anyone.
We use Google Analytics to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address, Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. Google may use the data collected to contextualise and personalise the ads of its own advertising network. Related information;
12. Inaccurate Information
If you think any information we hold about you is inaccurate or incomplete or has been changed since you first told us, please let us know as soon as possible so that we may update our records.
13. Access To Your Personal Information
The General Data Protection Regulation replaced the Data Protection Act 1989 on 25th May 2018. Under both sets of Regulations you are entitled to request a copy of your personal data, but if your request is received prior to 25th May then a fee of £10 is payable. If you wish to make subject access requests please contact our Practice Manager, Anne Davis, at firstname.lastname@example.org or telephone her 01606-48777 or write to Susan Howarth & Co Solicitors Ltd at 41 Chesterway, Northwich, Cheshire, CW9 5JE, or contact the person dealing with your matter. A subject access request entitles you to a copy of the personal data we hold on you. The focus of the information we have to provide is you and will include such things as records of your name, address, contact details, date of birth, etc. This means a subject access request will not normally result in you getting a copy of a file because the focus of the documents it contains are likely to be a transaction or legal matter rather than personal information about you.
The General Data Protection Regulation provide you with 3 rights, the right to object to specific types of processing, the right to be forgotten and the right to restrict processing. Depending on the nature of the request we will comply with it to the fullest extent possible, but in some cases, this could mean that we are unable to continue with your matter in which case work would cease at the earliest opportunity, but you would remain liable for the fees and disbursements incurred to date. If you have opted into marketing but subsequently withdraw your consent, we will act upon your request immediately it is received. In certain situations, you may be able to ask for restrictions to be placed on the processing of data or to exercise your right to be forgotten. A restriction has the effect of freezing data so we would continue to store your personal data, but could not do anything with it. This might be relevant to you if you had any query or concern over the way your data was handled. A right to be forgotten would usually apply to data which is processed unlawfully or otherwise fails to satisfy the requirements of the General Data Protection Regulations.
We have CCTV surveillance in operation at the premises of 41 Chesterway Northwich Cheshire CW9 5JE. This is for the security of our clients, employees and visitors to the premises. The CCTV footage will be retained for a maximum period of one month.
Please contact our Practice Manager if you have any complaints or concerns over how your data will be used. If you are not satisfied with the response the UK Regulator on data protection issues is the Information Commissioners Office, their telephone number is 0303 123 1113 and their website is www.ico.org.uk