Fair Processing Privacy Notice
Our Fair Processing Privacy Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).
The Fair Processing Notice is effective from 25th May 2018.
1.1 We take your privacy seriously and you can find out more here about your privacy rights and how we gather, use and share your personal information – that includes the personal information we already hold about you now and the further personal information we might collect about you, either from you or from a third party. How we use your personal information will depend on the products and services we provide to you.
1.2 Our Data Protection Officer (DPO) provides help and guidance to make sure we apply the best standards to protecting your personal information. Our DPO can be reached by email at firstname.lastname@example.org or by post at Headleys Solicitors, 15 Station Road, Hinckley, Leicestershire, LE10 1AW if you have any questions about how we use your personal information.
See section 3 below (Your Privacy Rights) for more information about your rights and how our DPO can help you.
1.3 This Privacy Notice provides up to date information about how we use your personal information and will update any previous information we have given you about using your personal information (also referred to as personal data). We will update this Privacy Notice if we make any significant changes affecting how we use your personal information, and if so we will contact you to let you know about the change.
2. About us
We are what is known as the ‘controller’ of personal information we gather and use. When we say ‘we’ or ‘us’ in this Privacy Notice, we mean Headleys Solicitors and we are regulated by the Law Society and Solicitors Regulation Authority.
3. Your privacy rights
3.1 You have the right to object to how we use your personal information. You also have the right to see what personal information we hold about you. In addition, you can ask us to correct inaccuracies, delete or restrict personal information or to ask for some of your personal information to be provided to someone else. You can make a complaint to us by getting in touch by phone or post, or in person.
You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office, at https://ico.org.uk. To make enquires for further information about exercising any of your rights in this Privacy Notice please contact our DPO by email at email@example.com or by post at Headleys Solicitors, 15 Station Road, Hinckley, Leicestershire, LE10 1AW
Read more about your Privacy Rights
For some products and services, we need to use additional personal information which we will gather about you, or we will not be able to provide any of these products and services to you. See section 5 How we gather your personal information for further details.
For instance, if we are assisting you in Court of Protection applications, conveyancing services to buy a house, or acting on behalf of your mortgage lender. Court of Protection applications, Family Law cases, Conveyancing and Mortgage Products often require us to need financial information (including your income, expenditure, assets and liabilities, credit history and credit scoring); employment details; details of any criminal prosecutions and details of bankruptcy or any County Court Judgements.
You can contact us at our office at the address supplied above to exercise any of the following privacy rights:
3.2 Right to object:
You can object to our processing of your personal information. Please contact us as noted above, providing details of your objection.
3.3 Access to your personal information:
You can request access to a copy of your personal information that we hold, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge by contacting our Data Protection Officer to make an Access Request. Please make all requests for access in writing and provide us with evidence of your identity.
3.4 Right to withdraw consent:
If you have given us your consent to use personal information, you can withdraw your consent at any time and, update your marketing preferences by visiting us at our offices, or calling us directly.
You can ask us to change or complete any inaccurate or incomplete personal information held about you.
You can ask us to delete your personal information where it is no longer necessary for us to use it, you have withdrawn consent, or where we have no lawful basis for keeping it.
You can ask us to provide you or a third party with some of the personal information that we hold about you.
You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.
3.9 Make a complaint:
You can make a complaint about how we have used your personal information to us, by visiting our office, by contacting us via the telephone or email, or to a supervisory authority – for the UK this is the Information Commissioner’s Office at ico.org.uk.
We will not make any charge for responding to any request from you to exercise your privacy rights, and we will respond to your requests in accordance with our obligations under data protection law.
4. What kinds of personal information we use
4.1 We use a variety of personal information depending on the products and services we deliver to you. For all products and services, we need to use your name, address, date of birth, contact details, and information to allow us to check your identity. For some products and services, we might need additional information, for example:
health details for certain cases or services, or to support vulnerable clients; and
convictions information for court of Protection applications, Family Court representations, litigation cases, fraud prevention, anti-money laundering and to meet legal obligations.
Find out more information about the kinds of personal information we use for different products and services
We offer various legal services and advice.
To provide any of these services we need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability.
4.2 Sometimes where we ask for your personal information needed to enter into a contract with you or to meet a legal obligation (such as a credit check), we will not be able to provide some products or services without that personal information.
5. How we gather your personal information
We obtain personal information:
directly from you, for example when you fill any client information forms or an application form, or from documents you provide us with;
by observing how you use our services, or provided to us by other professionals involved in your matters, for example from police, court welfare officers, estate agents, and the transactions and operation of your accounts and services;
from other organisations such as credit reference and fraud prevention agencies;
from other people who know you including joint account holders and people you are linked to financially or in legal matters.
We also may obtain some personal information from monitoring or recording calls and if we were to use CCTV. We may record or monitor phone calls with you for regulatory purposes, for training and to ensure and improve quality of service delivery, to ensure safety of our staff and clients, and to resolve queries or issues. We may also choose to use CCTV on our premises to ensure the safety and security of our staff and clients.
6. How we use your personal information
To provide you with any services we need to know your name, address, date of birth, details of your current and previous countries of residence/citizenship, and a copy of identification documents (such as a passport or driving licence). We might also need health information to help support our customers who have a vulnerability, or where it is relevant in the matter we are assisting you with.
We sometimes need to gather, use and share additional personal information for specific purposes, which are set out in more detail below.
6.1 To operate and administer services, including dealing with your complaints and fixing our mistakes, we will use:
your contact details;
We might share all of the information we use for this purpose with third parties who help us to verify your contact details and deliver our services, such as our subcontractors and our own service providers for payment processing, other banks and regulators. We use your information in this way because it is necessary to perform our contract with you and to meet our legal obligations.
6.2 To administer payments to and from you, we will use:
your contact details and the payment details that you have provided to us.
We may give this information to our third-party payment providers to process payments to or from you.
6.3 To make credit decisions about you (including new applications for credit or requests to increase credit limits) we will use:
information you give to us about your credit history;
information about those you are financially linked to (such as your partner);
information about how you have used other services offered by us;
information we receive from third party credit reference agencies; and
information we receive about you directly from other third parties, including when you authorise us to access accounts you hold with other banks.
For this purpose, we may share information with credit reference and fraud prevention agencies.
The information could then be used as follows:
the credit reference or fraud prevention agency might add details of our search and your credit application to the records they hold about you, whether or not your application proceeds;
we and the credit reference or fraud prevention agency might link your financial records to those of any person you are financially linked to – this means that each other’s information (including information already held by us or the credit reference agency) will be taken into account in all future credit applications by either or both of you, until one of you successfully files a ‘disassociation’ at the credit reference agencies;
we might add to the credit reference or fraud prevention agency’s records details of how your agreements or accounts operate with us, including any default or failure to keep to the terms of your agreement, and any failure to advise us of a change of address where a payment is overdue;
the credit reference or fraud prevention agency could pass on any of that information to other companies unrelated to us for the credit checking and fraud prevention purposes mentioned above; and the credit reference or fraud prevention agency will also use the information for statistical analysis about credit, insurance and fraud on an anonymous basis.
If we use your information in this way it is because it will be necessary in order to offer you delayed payment terms or credit, or to provide related services to you, and to meet our legal obligations.
If a credit reference agencies received a search from us, they would place a search footprint on your credit file that may be seen by other lenders and other companies unrelated to us (for example, other banks and credit providers).
Further information on how your information is used by credit reference agencies and fraud prevention agencies can be found at Equifax.
6.4 To act on behalf of your mortgage lender, or other financial services provider we will use:
information you give to us about your needs and circumstances. For mortgages this will include details of income and expenditure, assets and liabilities, and details of intended retirement age; and
information about how you have used other services offered by us or other lenders and financial services providers.
We might share all of the information we use for this purpose with third parties who help us to deliver the service or advice. These third parties include credit checking and fraud prevention agencies and our insurance provider partners.
We use your information in this way because it is in our interests and your interests for you to receive relevant advice about the right products and services for you, and in the prevention of mortgage and financial fraud.
6.5 To comply with our legal obligations, to prevent financial crime including fraud and money laundering we will use:
any information you have given us, that we have obtained from a third party, or that we have obtained by looking at how you use our services, where it is necessary for us to use that information to comply with a legal obligation; and
this information will include name, address, date of birth, every country of residence/citizenship, personal identification (which may include passport number or driving license number) your IP address, and information about any criminal convictions.
We will give information to and receive information from third parties where that is necessary to meet our legal obligations, including credit reference agencies, fraud prevention agencies, the police and other law enforcement and government agencies, other banks and regulators. Fraud prevention agencies may use your information as set out in clause 6.3 above.
6.6 To comply with our legal obligations, to support our vulnerable clients:
information you give to us which identifies a vulnerability (such as a health condition); and
information we may receive from another person or professional body which identifies vulnerability.
We will give information to and receive information about a vulnerability from third parties where that is necessary to meet our legal obligations, for example from police, social services or someone acting on your behalf.
6.7 For financial management and debt recovery purposes, we will use:
your contact details;
information we obtain from looking at how you have used our services, including information about your location that we may find from reviewing your accounts; and information available provided by other members of our profession, or persons or professionals involved in your matters.
We will give information to and receive information from third parties where that is necessary to recover debts due by you to us, for example, other banks, debt recovery agents, credit reference agencies and sheriff officer or bailiff services. This might include passing personal information about you to a third party who we have transferred your debt to, and who will then contact you directly to collect that debt. If your debt is transferred to a third party you will be advised of the identity of that third party.
We use your information in this way because it is necessary to perform our contract with you, to exercise our legal rights, and because it is fair and reasonable for us to do so.
6.8 To enable payments to third parties who may have introduced you to us, we will use:
information about the general nature of the services; and information about the value of those services.
We use your information in this way because it is in our interests to do so to provide you with the services that best suit you.
We will give information to and receive information from third party independent financial advisers and mortgage brokers who have introduced you to us, in order to best assist you in the services we are providing you with.
6.9 To carry out market research and analysis to develop and improve our services we may use:
information about how you have used our services such as how you found us, any referrals made in connection with you or the services we have provided you with.
We do not pass your personal information to market research companies. We may use information to enable us to provide statistics to our regulatory bodies as required, for instance, in connection with equality and diversity.
6.10 To market services to you from us , we may use:
the contact details you have provided to us; and information we have gathered from your use of our services to form a profile of you which we will use to assess what other services would be most beneficial for you.
We will not pass your personal information to others except our service providers who may help us with marketing activities for our specific firm. We do not sell or provide third parties with your information for their marketing or so they can sell to you.
Sometimes we work with other professionals or companies that you have instructed to offer you the best service. For instance, you may have a mortgage offer that we are working with in the purchase of your new home. We will sometimes share your personal information with these partners, and receive personal information about you from these partners, to make sure that we give you the best, most relevant service, or related offers that we can offer you (if you have consented).
We might also receive personal information about you from a third party and use it to market our services to you, where you have given that third party your consent to share the personal information with us. We may collect your name and address from other service providers for the purpose of providing suitable marketing to you. For instance, if you are buying a new home, it may be useful to you to know that we can assist you in drafting your new will.
7. Automated decision making
7.1 Sometimes we use your personal information in automated processes to make decisions about you, such as identity checks, and in ensuring we are successfully offering our services to all clients in an inclusive manner that complies with our equality and diversity policy. We might also use automated processes to create a profile of you. We do this to help ensure the information and statistics we may need to provide to our regulatory bodies are made accurately, fairly and efficiently and to offer you services tailored to you.
Find out more about when we use automated processes and the logic, significance and consequences of these processes for you.
We do not currently routinely use automated decision making using your personal information to create a profile of you for credit scoring – a method which predicts your credit worthiness based on your financial profile – when offering you services.
We may however, use information you give to us, information we obtain from credit reference agencies, and details about how you have used our services or how you have managed your account and made payments to us when considering any request from you for credit or delayed payments.
In some cases we will also use external data sources for credit scoring. We may analyse this information to identify a credit score based on how likely it is that debts will be re-paid.
We could use credit scoring to make the following decisions about you: whether we enter into a contract to provide a service to you; whether to adjust services you have (such as an increasing or decreasing credit limits); to pre-approve future services for you; to agree to an overdue payment; to authorise payments from you; and in some cases where we need to recover a debt from you.
Profiling for marketing
We never sell your information or provide it to other companies for their marketing. We do want you to get the most relevant information about our Firms services at the right time. The most effective way for us to do this may be to use our knowledge about you in a rounded manner, which may include automated processes to create a profile of you for marketing in the future.
If we choose to carry out marketing profiling we would use information you give to us, details about how you have used other services you have with us and any feedback you have given us, information we have obtained from credit reference agencies and other external data sources and information from other companies we are partnering with.
We may use processes to analyse this information to decide what services to offer to you and to prioritise the marketing messages you receive by; assessing your eligibility for those services; assessing how likely they are to be useful for you; and deciding how likely you are to respond. We don’t want to bother you with information about our services that might be of no interest to you at all.
8. Our legal basis for using your personal information
8.1 We only use your personal information where that is permitted by the laws that protect your privacy rights. We only use personal information where:
we have your consent (if consent is needed);
we need to use the information to comply with our legal obligations;
we need to use the information to perform a contract with you; and/or
it is fair to use the personal information either in our interests or someone else’s interests, where there is no disadvantage to you – this can include where it is in our interests to contact you about services, market this Firms services to you, or collaborate with others to improve our services. We never sell your information or provide it to third parties to enable them to sell to you.
Where we have your consent, you have the right to withdraw it. We will let you know how to do that at the time we gather your consent. See section 12 Keeping you up to date clause 12.2 for details about how to withdraw your consent to marketing.
8.2 Special protection is given to certain kinds of personal information that is particularly sensitive. This is information about your health status, racial or ethnic origin, political views, religious or similar beliefs, sex life or sexual orientation, genetic or biometric identifiers, trade union membership or criminal convictions or allegations. We will only use this kind of personal information where:
We have a legal obligation to do so (for example to protect vulnerable people);
It is necessary for us to do so to protect your vital interests (for example if you have a severe and immediate medical need whilst on our premises);
It is in the substantial public interest;
It is necessary for the prevention or detection of crime;
It is necessary for insurance purposes; or
You have specifically given us explicit consent to use the information.
Find out more about how we use special categories of personal information for the following purposes:
if you want to apply for a health-related product, such as a Health and Welfare Lasting Powers of Attorney, we will require your personal information to provide you with services that are suitable for you. We need this to ensure we are giving you the best, tailored advice;
if we identify that you have a health-related vulnerability, we will share that within our organisation to the extent needed to protect your interests and provide you with services that are suitable for you. For instance, if you are unable to travel due to a disability, we will make appointments to see you at home;
if we need to provide you with urgent medical assistance when you are on our premises; and
to ensure you are treated fairly in circumstances where financial difficulty has arisen due to a vulnerability.
Racial / ethnic origin
we may ask for this information to fulfil our regulatory and reporting obligations relating to ensuring fairness and equality in our service delivery. We want to offer an inclusive service to all of our clients and we have an equality and diversity policy that is committed to this.
we may use information about criminal proceedings relating to you to ensure our advice to you is relevant and to give you the best advice in your circumstances. We may also use this information for fraud prevention/anti-money laundering purposes and to fulfil our legal and regulatory obligations.
sometimes the transactions in your bank accounts will reveal special categories of information (such as your political opinions, health status, religious beliefs and trade union membership), depending on payments you make and receive. This information may be processed by us for instance to provide advice on legal aid or eligibility for benefits and will not be used for any other purpose.
9. Sharing your personal information with or getting your personal information from others
9.1 We will share personal information with others outside of this Firm where we need to do that to properly represent you in matters you have instructed us to assist you with, make services available to you, market services of this Firm to you, meet or enforce a legal obligation or where it is fair and reasonable for us to do so. See section 6 How we use your personal information for more information about how we do this. We will only share your personal information to the extent needed for those purposes.
9.2 Who we share your personal information with depends on the services we provide to you and the purposes we use your personal information for. For most services we will share your personal information with professionals involved in your case such as courts and estate agents, our own service providers such as our IT support, with credit reference agencies and fraud prevention agencies. See section 6 How we use your personal information for more information on who we share your personal information with and why.
9.3 Most of the time the personal information we have about you is information you have given to us, or gathered by us in the course of providing services to you. We also sometimes gather personal information from and send personal information to third parties where necessary for credit checking and fraud prevention. If we use information for our marketing we seek your permission to do so, before we would use it. Sometimes, we use your information to let you know about our services, and special offers and events we may be able to offer you. See section 6 How we use your personal information for more information on who we get your personal information from and why.
10. Transfers outside the UK
10.1 We may need to transfer your information outside the UK to others service providers, agents, subcontractors and regulatory authorities in countries where data protection laws may not provide the same level of protection as those in the European Economic Area, such as the USA.
Find out more about how we transfer your data outside of the UK
We may need to transfer your personal information to territories that are outside the EEA. We will only transfer your personal information outside the EEA where either the transfer is to a country which the EU Commission has decided ensures an adequate level of protection for your personal information, or we have put in place our own measures to ensure adequate security as required by data protection law. These measures include ensuring that your personal information is kept safe by carrying out strict security checks on our overseas partners and suppliers.
Where relevant, this may be backed by strong contractual undertakings approved by the relevant regulators such as the EU style model clauses. We may also use the EU Commission approved EU-US Privacy Shield when personal information is transferred to the US.
You can find out more information about standard contractual clauses as detailed by the ICO. Visit their website at ico.org.uk and search for ‘International transfers’.
11. How long we keep your personal information for
11.1 How long we keep your personal information for depends on the products and services we deliver to you. We will never retain your personal information for any longer than is necessary for the purposes we need to use it for.
Find out more about how long we keep your data for
We keep your personal information for at least six years after closure of your matter or from the date you last used one of our services. We may hold it for longer if required by legislation or our governing professional bodies. Information relating to financial accounts and payments will be held in accordance with appropriate regulations and requirements. In some circumstances we will hold personal information for longer where necessary for active or potential legal proceedings, to resolve or defend claims, and for the purpose of making remediation payments.
12. Keeping you up to date
12.1 We may choose to communicate with you about services we are delivering using any contact details you have given us – for example by post, email, text message, social media, and if marketing, via our website or our other means of advertising services.
12.2 Where you have given us consent to receive marketing, you can withdraw consent, and update your marketing preferences by visiting our office or calling us directly.
You can also update your contact preferences by visiting our office or calling us directly.
13. Your online activities
13.2 Find out more about cookies
If you have any questions or queries, please get in touch. Although the new GDPR may seem complicated, it all comes down to protecting you and your personal information, and we have always taken great care of that and will continue to do so.