In order that you are reliably informed about how we operate, we have developed this privacy notice, which describes the ways in which we collect, manage, process, store and share information about you as a result of you instructing us to act for you, or being employed by us, or visiting our website. The privacy notice also provides you with information about how you can have control over the use of your data.
As solicitors we owe a duty of confidentiality to our clients and staff to keep their matters private (and also may rely upon legal professional privilege). This document sets out your rights of privacy under the GDPR [General Data Protection Regulation] after 25 May 2018. Where one of our duties of confidentiality or privilege owed to you may overlap or conflict with the GDPR then they may have priority and take precedence so whilst this notice explains the GDPR rights it does not seek to remove or restrict those other duties owed to you.
If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer, Timothy Allen, Compliance Partner at timothy.allen@scottrees.co.uk or the Compliance Department at Compliance@scottrees.co.uk or write to our Data Protection Officer at Compliance Department, Scott Rees & Co, 5 The Parks, Newton-le-Willows, WA12 0JQ. We are registered with the Information Commissioners Office number Z85004220.
What information do we collect about you?
Article 6 of the UK GDPR sets out six lawful bases for processing personal data. These comprise:
- Performance of a contract
- Compliance with a legal obligation
- The vital interests of a data subject
- The legitimate interests of the data controller
- Public interest or exercise of official authority
- Consent
Our Article 6 lawful basis to process your personal data, is:
- performance of a contract–(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
- Data is used to perform our contract for legal services (if a client) or undertake processing that is necessary in order to take the steps at the request of the data subject prior to entering into a contract (prospective client) or contract of employment (if an employee).How we use your data for a client is set out in our client care letter which sets out our contractual terms of business and you sign our Instructions to Act form to confirm you understand and agree to those terms.This includes us handling your medical information as that is essential to an injury claim.Our Article 9 reason for processing special category data is (f) Legal claims or judicial acts.
In general terms, we seek to collect information about you so that we can:
- Administer our relationship with you, and provide legal services. We do this to progress your matter and respond to enquiries, from you, or third parties involved in your matter and update you.
- Process applications for employment
- Deliver requested information to you about our additional services and our subsidiaries (if any) services if relevant to the contractual matter
- Ensure the billing of any procured services and obtain payment
- Process and respond to any complaints
- Enable us to meet our legal and other regulatory obligations imposed on us
- Audit usage of our websites
The information that we need for these purposes is known as your “personal data”. This includes your name, home address, email address, telephone and other contact numbers and financial information. We collect this in a number of different ways. For example, you may provide this data to us directly online or over the telephone, or when corresponding with us by letter.
We also process sensitive classes of information that includes:
- Physical or mental health details (only to the extent required to enable us to deal with your accident or injury or medical negligence legal claim) , and
- Racial or ethnic origin (only so far as it is necessary, for instance to provide language or translation services to assist you).
We will only process this and record it if necessary to progress your instructions and at under the agreed contract or agreement.
Please also be advised that when you visit our website, cookies will be used to collect information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the Internet, and information about your visit such as the pages you viewed or searched for, pages response times, download errors etc. We do this so that we can measure our website’s performance and make improvements in the future. Cookies are also used to enhance this website’s functionality and personalisation, which includes sharing data with third party organisations. You can control this by adjusting your cookies settings. We refer you to our Cookies Policy on our website for more information on this.
How will we use the information?
We use the data collected from you for the specific purposes listed in the table below. Please note that this table also explains:
- The legal basis for processing your data, linked to each processing purpose; and
- In what circumstances your data will be shared with a third party organisation.
| Purpose for processing data | Legal basis for processing data | Third party organisations with whom data is shared |
| To administer our relationship with you, provide legal/ contractual services as a client or employee and respond to enquiries. This includes; (i) Permission for disclosure of your information so far as is necessary to fulfil your instructions to Data Processors, or third parties or the Court, (ii) Permission for searches of databases using your details and recording the results to fulfil your instructions, (iii) Audits – when required by a third party (i.e. Solicitors Regulation Authority, government bodies, regulators, professional bodies) or Data Processor (e.g. insurers,SRA authorised legal practices and/or FCA regulated financial institutions ) to provide audit facilities to demonstrate compliance with legislation or regulation or service standards, or when required for the purposes of borrowing, finance or refinance, merger or acquisition, or financing due diligence. We have your permission to disclose such material as deemed reasonably necessary. | To meet the requirements of performance of a contract | We use “Data Processors” and/or Third Parties to carry out tasks and obtain records and information to progress your matter and they process data on our behalf. These include; barristers, medical experts and agencies, engineers, GPs, hospitals, other experts, outsource agents, enquiry and statement drafting agents, hire companies, BTE/ATE insurers, costs draughtsmen, care experts, employment experts, actuary experts, courts, Third Party Insurers/Solicitors, Experian and Call ML, Equifax, Companies House, Electoral Roll and Netfoil, DVLA, MIB (including askMID, askCUE PI, MEDCO). |
| To ensure the billing of any procured services by you and obtain payment. | To meet the requirements of a performance of a contract | Government VAT and tax inspectors, external auditors, internal auditors. |
| To communicate with you about legal updates, breaking news, newsletters and event invitations which are relevant to your interests/matter and in line with your preferences. | As agreed with you in our contract/agreement. | We use marketing services such as Mailchimp. |
| To provide enquirers support by telephone | To fulfil contractual obligations this includes taking action before entering into a contract. | None. |
| To process and respond to complaints. | To meet performance of a contract obligation | None. |
| To monitor and record information relating to the use of and quality of our services, to include our website. | To meet performance of a contract obligation To improve the services and experience and website for individuals and visitors. | Web service providers and cookie providers. We may invite you to use on line review services such as Trust Pilot, Google, Facebook, YouTube. |
| To capture photographs and videos to be used for marketing and promotional material for the firm, including our website, brochures, bids and tenders. | To meet performance of a contract obligation .We also seek explicit consent prior to collecting and using this information. | None. |
| To ensure the firms offices and its stored information is secure we may use CCTV services. | To meet the requirements of performance of a contract | CCTV service providers. |
| For employees – To conduct human resource administration to include assessing suitability, eligibility and/or fitness to work. | To fulfil contractual obligations this includes taking action before entering into a contract.Performance of a contract | Disclosure and Barring Service. HR software providers, Payroll Accountants. |
| To maintain the firms accreditation with recognised bodies and practice management standards | To meet the requirements of a contract/comply with a legal obligation | Lexcel, CQS, ISO 27001, Investors in People |
Your rights
Under the terms of data protection legislation, you have the following rights as a result of using our service and our website (subject to confidentiality, as mentioned above):
(a) Right to be informed
This privacy notice fulfils our obligation to tell you about the ways in which we use your information as a result of you using our services.
(b) Right to access
You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost after 25th May 2018. We will send you a copy of the information within 30 days of your request.
Please Note – A Subject Access Request is not the same as a request for your file of papers and whether you are entitled to your file of papers will be bound by the terms of our contract or agreement with you and we can advise you further on that. We may be entitled to exercise a lien over your file of papers when our costs are unpaid,( so hold the file until our costs are paid) and be able to charge you for further copies of information that you have already been provided with.
To make Subject Access Request, please email or write to our Data Protection Officer Mr Allen, at the details set out above.
(c) Right to rectification
If any of the information that we hold about you is inaccurate, you can contact our Data Protection Officer in writing. Before we can do this it may be necessary for us to investigate this with you and obtain proof of your identity.
(d) Right to be forgotten
From 25 May 2018, you can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days. Please note that there may be very good reasons why we cannot comply, for instance where we need to hold your file of papers electronically after conclusion of your matter for a statutory period e.g. limitation period. For further information please contact our Data Protection Officer, who will be able to help you and advise you on your case.
You have the right to object to:
- The continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time.
- The continued use of your data for any purpose listed above for which the lawful basis of processing is that it has been deemed legitimate.
(e) Right to restrict processing
If you wish us to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe our data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact our Data Protection Officer.
(f) Right to data portability
If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Data Protection Officer.
(g) Rights related to automated decision-making
If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact our Data Protection Officer.
Is the processing of information likely to cause individuals to object or complain?
Scott Rees & Co is not aware of any justifiable reasons that would constitute a legitimate reason for objecting or complaining about the way we process or control information.
How long will we retain information for?
Scott Rees & Co will typically retain information for a period of six years from the conclusion of litigation matters and sale matter or twelve years from the conclusion for re-mortgage or purchase matters. Or six years for employment records. This is due to regulatory reasons and limitation periods in respect of any future claims or complaints and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and non-clients.
Overseas transfers
None of the information that we collect process or store as a result of this website is transferred outside of the European Economic Area (EEA). This includes information that is exchanged with any third party organisation as described above.
Data privacy and security
At Scott Rees & Co, we maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
- Protect against potential breaches of confidentiality;
- Ensure all IT facilities are protected against damage, loss or misuse;
- Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
- Ensure the optimum security of this website.
- We have been awarded ISO 27001 Certification for Information Security Management.
General
Questions and comments regarding this Privacy Notice are welcomed, and should be sent to our Data Protection Officer at compliance@scottrees.co.uk
Alternatively, you can write to our Data Protection Officer at Tim Allen, Scott Rees & Co, 5 The Parks, Newton-le-Willows, WA12 0JQ if you have any concerns or complaints about the ways in which your personal data has been handled as a result of you using our website.
If we cannot resolve your concerns, you have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AFor https://ico.org.uk.
First Version-May 2018
This updated 4th October 2024 fv
