Gray and Co Solicitors of 1 Grey Friars, Chester, CH1 2NW.
This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Our use of your personal data is subject to your instructions, the GDPR, DPA, other relevant UK and EU legislation and our professional duty of confidentiality. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The information we collect from you
We will only collect information from you that is relevant to the matter that we are dealing with. We may collect additional information about you from emails or other correspondence that you send to us. In particular we may collect the following information from you which is defined as ‘personal data’.
- Personal details
- Family, lifestyle and social circumstances
- Financial details
- Business activities
- Criminal convictions
We may also collect information that is referred to as being in a ‘special category’. This could include:
- Physical or mental health details
- Racial or ethnic origin
- Religious beliefs or other beliefs of a similar nature
- Sexual orientation
which we will only process with your explicit consent
How we use your information
Under data protection law, we can only use your personal data if we have a proper reason for doing so, eg: to comply with our legal and regulatory obligations; for the performance of our contract with you or to take steps at your request before entering into a contract; for our legitimate interests or those of a third party; or where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
We will use your information for the provision of legal advice or for personnel, administrative and management purposes which is necessary for the performance of the contract between us. We may also use it for:
- Administering any accounts
- Processing your bank/credit card details in order to obtain payment
- The prevention and detection of fraud
- Market research
- Reference checks
Who we share your information with
We limit the sharing of your information to those people who will assist with your matter or employment. This may include the following, but the list is not exhaustive:
- Medical experts
- Private investigators
- Defence forensic experts
- Healthcare professionals, social and welfare organisations
- Courts and Tribunals
- Employment lawyers
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Where you authorise us we may also disclose your information to your family, associates or representative. In the event that you do not pay our invoices, we may also disclose your information to debt collection agencies.
Storage of Information
We will keep your information throughout the period of time that we do work for you or you are employed by the firm and afterwards for a period of six years or as we are required to do by law.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
You have a number of rights under the GDPR which include:
- Transparency/right to be informed
- Right to Access
- Right to Erasure
- Restrict processing
- Data portability
- Right to object
- Not to be subjected to automated decision-making/profiling
Any access request may in the first instance be free of charge but may be subject to a reasonable fee if requests are found to be excessive. Proof of ID will be requested where an access request is made. Further information on this issue can be obtained from the Information Commissioner’s Office, www.ico.org.uk
Keeping your personal data secure
The data we collect from you will be stored within the European Economic Area and we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice. We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
If you are unhappy about how we are using your information then initially you should contact us directly and if your complaint remains unresolved then you can contact the Information Commissioner’s Office, details available at www.ico.org.uk.
Changes to our privacy notice
We may revise this privacy notice at any time by amending this page.