22nd February 2019 

PERSONAL DATA INFORMATION STATEMENT




This statement is to comply with our obligation to provide required information to people about whom we hold and process data, under the General Data Protection Regulation.

The Data Controller is Employment Law Plus (UK) Ltd. Our contact details are above. We have not appointed a data protection officer. We are registered with the Information Commissioner’s Office under registration number Z2481948.

What information will you get about me if I use your contact box on your website?

Our email contact form on our website only captures an enquirer's name and email address along with IP address of the computer used to make the request. No cookies are captured. Obviously, any information which you choose to type into the contact box will be provided to us.

Data security

We have put in place appropriate security measures to prevent your personal data from being lost, used, altered, disclosed or accessed in an unauthorised way.

E-mail communications are convenient but not secure. We do not routinely encrypt email. We have the facility to set up encrypted email with you. If you wish to discuss this with us, please let us know. If you do not take up this facility, you must accept the risk that the convenience of day-to-day exchanges of email without encryption may compromise security

What categories of personal data do we process?

We process the following categories of personal data:

  • Corporate client staff contact details and their opinions and instructions

  • Data about private clients, including personal details, family details, lifestyle and social circumstances, goods and services, financial details, their business and education and employment details (“Personal Details”); and sensitive data about health, sexuality, race, political opinions, sexual life, trade union membership, offences and alleged offences, criminal proceedings and outcomes (“Sensitive Data”)

  • Data showing identity

  • Data about workers of corporate clients and other third parties relating to their issues including Personal Details and Sensitive Data

  • Data about colleagues of private clients and other third parties relating to their issues including Personal Details and Sensitive Data

  • Contact details of prospective clients and issues around their cases, including Personal Details and Sensitive Data

  • Contact details of our suppliers and potential suppliers and their staff and details of their services and opinions

  • Contact details of referees and potential referees and business contacts and their staff and details of their services and opinions

  • Contact details of the staff at our regulators and professional organisations and their opinions and advice

  • Data in the public domain about court and tribunal judgments


  • Why we process personal data

    We process data to run a business providing legal services, authorised and regulated by the Solicitors Regulation Authority including:

  • Primarily to advise and act on behalf of clients
  • For contact and communication purposes
  • To send legal updates that we may circulate from time to time, and news about the South Oxon HR Network
  • To book a person onto an event
  • For updating and enhancing client records
  • To decide if we can offer legal advice to a prospective client
  • To verify a client’s identity and check any relevant background circumstances for anti-money laundering purposes and 'know your client' purposes
  • For selecting suppliers and managing information relating to our suppliers and prospective suppliers
  • For legal and regulatory compliance
  • To deal with feedback, queries or complaints
  • To close files in a risk compliant manner
  • For analysis to help us manage our practice
  • To try to win business
  • To create, grow and sustain a referral network to benefit those whom we refer, ourselves and the third parties to whom we give referrals
  • To provide information to our insurers and their brokers and solicitors and to be ready to defend ourselves against claims or prospective claims
  • To detect fraud and loss
  • To invoice clients, keep track of payments, recover monies due to us and take legal actions
  • To establish and pursue actual or prospective legal claims

    Where do we get the personal data which we process?

    We get personal data from the individuals concerned and also from third parties. When we get personal data from third parties, we receive it from their employers, their opponents in cases, their lawyers and accountants, courts and tribunals, their medical professionals and other relevant advisers and specialists, witnesses, our clients and those referring prospective clients to us. If the need arises, we may also get information from publicly accessible sources to find out if an individual has an outstanding judgment against them or from agencies to confirm ID or trace an individual or to access case law legal authorities. We may look up information about a business or an individual on public facing websites and social media. We check details about the directors of companies who instruct us on public facing websites.

    Our clients who are themselves data controllers must only give us personal data if that personal data has been lawfully processed and there is a lawful basis to give it to us.

    Who receives personal data which we process?

    The following categories of people receive or may receive personal data which we process:

  • Our clients
  • Group companies of our clients
  • Opponents of our clients (directly or via representatives)
  • Actual or prospective witnesses for our clients in litigation
  • Courts and employment tribunals
  • Recipients receiving information to allow us to comply with legal obligations such as our regulators
  • Provider of services to us
  • Our insurers and insurance brokers
  • The organiser of the South Oxon HR Network
  • People or businesses to whom we may make referrals: of prospective clients, clients, suppliers and possible suppliers
  • If we were to merge, transfer or sell our business or its assets, our new or prospective business partners or the new or prospective owners

    Do we transfer personal data abroad?

    We do not transfer personal data to a third country outside the European Economic Area.

    If we exceptionally intend to transfer personal data to any other country in the course of acting for a client, we will notify the client concerned.

    Exceptionally, to provide a high quality of service, we may work on matters when we are outside the EEA (for example, when on business or even if we are on holiday.) We will notify the client concerned.

    How long will we keep personal data?

    We will keep personal data for periods based on the following criteria:

    Client files:
  • 7 years from file closure/end of matter with certain exceptions. For corporate clients, we will retain certain matter details until a date based on 7 years from the client ceasing to instruct us on any issue. Data may be kept longer if there were an outstanding dispute

    Prospective client enquiries (where the person decides not to use us):
  • 2 years from enquiry

    Marketing database:
  • Within one month of a request for deletion

    Those to whom we may refer business and business contacts; marketing data (excluding database):
  • Until closure of business subject to relevance

    Supplier information:
  • For as long as we have a relationship with the supplier (and for 3 years afterwards) or think we might want to buy products or services from them, or for the duration of a dispute with the supplier

    Regulator records:
  • 6 years and 4 months after closure of business

    Information showing identity:
  • 5 years after file closure

    Are you obliged to provide your personal data to us, and what happens if you do not do so?

    You are not obliged to provide any personal data to us. However, if you enquire about using our services, we will need to obtain certain data from you in order to decide whether or not we can assist you. If you do not provide us with minimum information, we will not be able to take you on as a client. You may also decide to give us additional information at that stage. Clients will need to give us their personal data so that we can provide our services. If they do not provide the personal data, we will not be able to provide our services. If we act for a client in litigation, a stage will be reached where the client must provide all documents relevant to their case in order to comply with an order of the court of tribunal. If they fail to do so, and we are aware of this, we will have to stop acting for the client.

    Automated decision making processes

    We do not use any automated decision making processes.

    The legal basis for our processing of personal data

    The legal bases for our processing of personal data are:

  • “Consent”: the data subject has given consent to the processing for one or more specific purposes. The only context in which we rely on this basis is for consents from non client contacts to send them newsletters and information
  • “Performance of a Contract”: the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
  • “Legal Obligation”: the processing is necessary for our compliance with a legal obligation to which we are subject
  • “Legitimate Interest”: the processing is necessary for the purposes of our legitimate interests or a third party’s legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject

    If we rely on the legitimate interest ground for data processing, our legitimate interests include the following:

  • To advise and act on behalf of clients in order to generate revenue
  • To decide if we can offer legal advice to a prospective client
  • To “know” our client
  • Contact and communication purposes
  • For updating and enhancing client records while the matter is active
  • For legal and regulatory compliance and demonstrating compliance
  • For analysis to help us manage our practice
  • To provide information to our insurers and their brokers and solicitors and to be ready to defend ourselves against claims or prospective claims
  • To detect fraud and loss
  • To invoice clients, keep track of payments, and recover monies due to us
  • To deal with feedback, queries or complaints
  • To market similar services to those which we are already providing to a client
  • To try to win business
  • For selecting suppliers and managing information relating to our suppliers and prospective suppliers
  • To establish or pursue actual and prospective legal claims
  • To create, grow and sustain a referral and business network to benefit those whom we refer, ourselves and the third parties to whom we give referrals
  • To close files in a risk compliant manner

    Legal basis for processing sensitive personal data

    Sensitive personal data relates to health, sexuality, race, political opinions, religion or philosophical beliefs, sexual life, and trade union membership, and criminal offences.

    The legal bases for our processing of sensitive personal data are:

  • “Employment Law Obligations”: the processing is necessary to carry out our obligations and exercise our rights or those of the data subject in the field of employment law in so far as it is authorised by UK law
  • “Legal Claims”: the processing is necessary for the establishment, exercise or defence of legal claims

    Rights of data subjects

    Where our processing of data is based on the consent of the data subject, the data subject may withdraw that consent at any time. This will not affect the lawfulness of the processing of the data before the consent was withdrawn.

    Please keep us informed if your personal data changes during our relationship with you. Data subjects have the right to request from us access to their personal data, and rectification or erasure of personal data and restriction of processing and to object to processing. In certain circumstances, we have the right to refuse such requests. We do not process data in a way to give data subjects the right to data portability.

    If data subjects consider that our processing of their personal data is not in compliance with the Data Protection Act, please contact us in the first instance so that we have a chance to deal with your concerns. Data subjects may complain to the Office of the Information Commissioner. The contact information is: Information Commissioner's Office. Wycliffe House. Water Lane. Wilmslow. Cheshire. SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

    Links on our website to third party websites

    Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

    If you have any questions or queries regarding this policy, please contact jkelly@employmentlawplus.com. We will do our best to deal with your questions or queries as soon as possible.

    We may update this Policy at any time and the up to date version will appear on our website at www.employmentlawplus.com. Updates will be marked with a new date. You can obtain historic versions from us. We may provide you from time to time with more specific processing of personal data information and this Statement is not intended to override this.

    Rev 25 May 2018