BM Solicitors takes the privacy of its clients very seriously. Our aim is to explain when and why we collect personal information from you and about you, how we use, the conditions under which we may disclose it and most importantly how we keep it secure. This policy tells you what to expect when we collect personal information from you and about you and what we do to protect your personal information and your rights to complain if you are not happy about the way your personal data has been handled.
BM Solicitors is the ‘data controller’ and the ‘processor’ of the personal information we hold for the purposes of the General Data Protection Regulation (the UK GDPR) and the Data Protection Act 2018 (the Data Protection Act).
The principles of GDPR are that personal data shall be:
- Processed lawfully, fairly and in a transparent manner
- Collected lawfully, fairly and in a transparent manner
- Collected for a specified, explicit and legitimate purpose (and not further processed incompatible with those purposes)
- Adequate, limited to what is necessary
- Accurate- every reasonable step should be taken to ensure this
- Kept secure
BM Solicitors Limited is authorised and regulated by the Solicitors Regulation Authority under number 560561. If you have any questions or queries regarding your personal data please contact our Compliance Officer and Client Care Director Ms Helen Shona Barriga.
This notice contains information about what is personal data and special category data, why we collect your personal information and where from, how long we keep information, how we keep information secure, your rights, if you can see all the information we hold about you, about information sharing and third parties, information collected from third parties and your right to make a complaint.
What is personal data and special category data?
Personal data is defined in the UK General Data Protection Regulation -GDPR - as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. This is normally the general information that you supply to us about yourself normally at the start of your case or as the case develops and we request this from you.
Special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation. This by its own nature its more sensitive information about you.
Why we collect your personal information and where we collect if from
We primarily process data on the basis it is necessary for the performance of a task carried out on your behalf following instructions to act for you, namely to represent you and carry out your legal work. You initially provide us with personal data either on your instructions form, completed via an online application contact form from our website or over the telephone or when you attended our offices for an appointment to start your case. Some of the information you provide us will include your name, address, telephone numbers, date of birth, email address, copy of 2 forms of identification and bank account instructions (in we are successful at the end of your case). We use this information in order to be able to act for you and to carry out legal work on your behalf. We will also hold information from correspondence you may have by post or email. Sometimes we may obtain sensitive medical information directly from you or your GP / hospital / employer or other organisation in relation to your case. The provision of this information is subject to you giving us your express consent where individual separate forms will be sent to you for your signature. If we do not receive this express consent from you, then we will be unable to proceed with your matter. Some examples of when we may use your personal data for are for verifying your identity as required by the Money Laundering Regulations, for communicating with you, to ascertain how your case will be funded, to obtain you medical records or employment records which will be required in support of your claim, to be able to process your legal work, to be able to give you advice, to seek advice from third parties like Barristers or medical experts to name a few.
How long we keep information
We will keep your personal information usually in a cloud based computer case management system as well as paper files in line with the retention policy of our company as set out in the client care letter. These retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your case until its conclusion. These retention periods will also take into account our need to meet any legal, statutory and regulatory obligations imposed on us by the Solicitors Regulation Authority. Some examples of these include keeping your personal data for a minimum of 6 years from the conclusion or closure of your legal work, in case we need to re-open your case for the purpose of defending complaints about us or claims against us etc
How we keep information secure
We are under a general duty to keep your personal data and information confidential. We have high standards when it comes to confidentiality obligation and both internal and external contacts agree to protect confidentially of all information. We recognise that your information is valuable and we take reasonable steps to keep secure. Where we share information, we take all reasonable steps to keep it secure, use it fairly and ensure that data protection safeguards are in place.
Depending on the information we hold about you, and the reason for us holding it, you have certain rights which are set out below.
The right of access - You have the right to obtain a copy of personal data we hold about you, including the reasons why we hold it, who the data will be shared with as well as details of the period for which the data will be retained. In some cases, we are not required to provide you with information we hold about you. Where this is the case we will let you know. Under the General Data Protection Regulation (GDPR) you are entitled to access any personal data that we hold about you (hereinafter referred to as the "data subject") This is referred to as a subject to access request. If you wish to make a request please write to us addressed to our Compliance Officer and Client Care Director, Ms Helen Shona Barriga. We will respond within one month from the point of receiving the written request and all necessary information about you. Our formal response shall include a copy of the personal data we hold about you such as your name, address, contact details, date of birth, telephone numbers, etc but it does not mean you are entitled to the documents that contain this data.
The right to rectification -In most cases you are entitled to have your records amended if the personal data we hold is inaccurate or incomplete. The right to rectification does not always apply. For example, it does not include amending data which was accurate about you at one time even though the current position is different. It also does not include changing records of information sent to us by others which you say is inaccurate because the information is an accurate record of what was sent to us.
The right to erasure - (right to be forgotten) You have a right to request your data is deleted in certain circumstances, i.e. where it is no longer needed for the purposes it was collected; the (rare) occasions where consent is relied upon as the lawful basis for processing, consent is withdrawn and there is no other lawful basis for our continuing to process it; you object to the processing (for example for marketing reason) and there are no overriding legitimate grounds to continue; or where the data has been unlawfully processed; or where it has to be erased for compliance with a legal obligation or if there is a need to comply with a legal obligation or it is necessary to process the data in connection with legal proceedings or legal advice.
The right to object or to restrict processing - You have the right to object to us processing your information based on legitimate interests and direct marketing. In such case, we will stop processing unless we can demonstrate compelling legitimate grounds for continuing the processing which override your interests. If you have concerns about how we are using your information and believe that this should stop, please write to us addressed to our Compliance Officer and Client Care Director, Ms Helen Shona Barriga.
Can you see all the information we hold about you?
In certain circumstances, you may not be entitled to see all the information held about you if an exemption applies. Examples of exemptions include information that is about another person or is subject to legal privilege. If an exemption applies we will explain which exemption applies and we tell you if we have removed any information from the copy we send you.
Information sharing and third parties
We will hold your personal data only for the purposes of administering and managing your case. We will only obtain information from third parties if this is permitted by law. We will not contact you for the purpose of direct marketing and we do not sell or pass on your details to third parties.
Information collected from third parties and sharing with third parties
We will keep information about you confidential and we will from time to time share your personal data. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties: insurance companies who we will contact to submit a claim on your behalf or if acting generally on your behalf, loss assessors and other fraud prevention agencies for the purposes of fraud prevention and to comply with any legal and regulatory issues and disclosures, Solicitors firms who have been instructed by the Defendant’s and to progress your case, medical experts to instruct them to prepare medical report in respect of your case, Barristers and any other experts that we may consider from time to time to be required to support and to progress your case.
Right to make a complaint - You have the right to make a complaint at any time if you are not happy about the way we have handled your personal data. Please contact us in writing addressed to our Compliance Officer and Client Care Director, Ms Helen Shona Barriga.
If you are not happy with our response once we have investigated your complaint or you believe we are not processing your personal data in accordance with the UK General Data Protection Regulation on the use of your personal data, you can contact: The Information Commissioner’s Office (ICO), who are the regulator for data protection issues, their address is: Wycliffe House, Water Lane, Wilmslow SK9 5AF. Their website is ico.org.uk