PERSONAL DATA INFORMATION STATEMENT
This statement is to comply with our obligation to provide required information to people about whom we hold and process data, under the General Data Protection Regulation.
The Data Controller is Employment Law Plus (UK) Ltd. Our contact details are above. We have not appointed a data protection officer. We are registered with the Information Commissioner’s Office under registration number Z2481948.
What information will you get about me if I use your contact box on your website?Our email contact form on our website only captures an enquirer's name and email address along with IP address of the computer used to make the request. No cookies are captured. Obviously, any information which you choose to type into the contact box will be provided to us.
Data securityWe have put in place appropriate security measures to prevent your personal data from being lost, used, altered, disclosed or accessed in an unauthorised way.
What categories of personal data do we process?We process the following categories of personal data:
Corporate client staff contact details and their opinions and instructionsData about private clients, including personal details, family details, lifestyle and social circumstances, goods and services, financial details, their business and education and employment details (“Personal Details”); and sensitive data about health, sexuality, race, political opinions, sexual life, trade union membership, offences and alleged offences, criminal proceedings and outcomes (“Sensitive Data”)Data showing identityData about workers of corporate clients and other third parties relating to their issues including Personal Details and Sensitive DataData about colleagues of private clients and other third parties relating to their issues including Personal Details and Sensitive DataContact details of prospective clients and issues around their cases, including Personal Details and Sensitive DataContact details of representatives of parties with whom our clients are involved in a deal or with whom they have a dispute, and their opinionsContact details of our suppliers and potential suppliers and their staff and details of their services and opinionsContact details of referees and potential referees and business contacts and their staff and details of their services and opinionsContact details of the staff at our regulators and professional organisations and their opinions and adviceData in the public domain about court and tribunal judgmentsWhy we process personal data We process data to run a business providing legal services, authorised and regulated by the Solicitors Regulation Authority including:
Primarily to advise and act on behalf of clients
For contact and communication purposes
To send legal updates that we may circulate from time to time, and news about the South Oxon HR Network
To book a person onto an event
For updating and enhancing client records
To decide if we can offer legal advice to a prospective client or to provide information to enable a prospective client to decide if they wish to use our services
To refer clients or prospective clients to a specialist adviser
To verify a client’s identity and check any relevant background circumstances for anti-money laundering purposes and 'know your client' purposes
For selecting suppliers and managing information relating to our suppliers and prospective suppliers
For legal and regulatory compliance
To deal with feedback, queries or complaints
To close files in a risk compliant manner
For analysis to help us manage our practice
To try to win business, for example, by providing legal updates or communications about our services or events clients and contacts may be interested in attending
To create, grow and sustain a referral network to benefit those whom we refer, ourselves and the third parties to whom we give referrals
To provide information to our insurers and their brokers and solicitors and to be ready to defend ourselves against claims or prospective claims
To detect fraud and loss
To invoice clients, keep track of payments, recover monies due to us and take legal actions
To administer our business
To establish and pursue actual or prospective legal claims
Where do we get the personal data which we process?
We get personal data from the individuals concerned and also from third parties. When we get personal data from third parties, we receive it from their employers, their opponents in cases, their lawyers and accountants, courts and tribunals, their medical professionals and other relevant advisers and specialists, witnesses, our clients and those referring prospective clients to us. If the need arises, we may also get information from publicly accessible sources to find out if an individual has an outstanding judgment against them or from agencies to confirm ID or trace an individual or to access case law legal authorities. We may look up information about a business or an individual on public facing websites and social media. We check details about the directors of companies who instruct us on public facing websites.
Our clients who are themselves data controllers must only give us personal data if that personal data has been lawfully processed and there is a lawful basis to give it to us.
Who receives personal data which we process?
The following categories of people receive or may receive personal data which we process:
Our clients
Group companies of our clients
Opponents of our clients (directly or via representatives)
Actual or prospective witnesses for our clients in litigation
Courts and employment tribunals
Recipients receiving information to allow us to comply with legal obligations such as our regulators
Providers of services to us
Our insurers and insurance brokers
The organiser of the South Oxon HR Network
People or businesses to whom we may make referrals: of prospective clients, clients, suppliers and possible suppliers
If we were to merge, transfer or sell our business or its assets, our new or prospective business partners or the new or prospective owners
Do we transfer personal data abroad?
We hold personal data in the UK and transfer personal data to a third country within the European Economic Area. We do not transfer personal data to a third country outside the European Economic Area.
Exceptionally, to provide a high quality of service, we may work on matters when we are outside the EEA (for example, when on business or even if we are on holiday.) We will notify the client concerned.
How long will we keep personal data?
We will keep personal data for periods based on the following criteria:
Client files:
7 years from file closure/end of matter with certain exceptions. For corporate clients, we will retain certain matter details until a date based on 7 years from the client ceasing to instruct us on any issue. Data may be kept longer if there were an outstanding dispute
Prospective client enquiries (where the person decides not to use us):
2 years from enquiry
Marketing database:
Within one month of a request for deletion
Those to whom we may refer business and business contacts; marketing data (excluding database):
Until closure of business subject to relevance
Supplier information:
For as long as we have a relationship with the supplier (and for 3 years afterwards) or think we might want to buy products or services from them, or for the duration of a dispute with the supplier
Regulator records:
6 years and 4 months after closure of business
Information showing identity:
5 years after file closure
Are you obliged to provide your personal data to us, and what happens if you do not do so?
You are not obliged to provide any personal data to us. However, if you enquire about using our services, we will need to obtain certain data from you in order to decide whether or not we can assist you. If you do not provide us with minimum information, we will not be able to take you on as a client. You may also decide to give us additional information at that stage. Clients will need to give us their personal data so that we can provide our services. If they do not provide the personal data, we will not be able to provide our services. If we act for a client in litigation, a stage will be reached where the client must provide all documents relevant to their case in order to comply with an order of the court of tribunal. If they fail to do so, and we are aware of this, we will have to stop acting for the client.
Automated decision making processes
We do not use any automated decision making processes.
The legal basis for our processing of personal data
The legal bases for our processing of personal data are:
“Consent”: the data subject has given consent to the processing for one or more specific purposes. The only context in which we rely on this basis is for consents from non client contacts to send them newsletters and information
“Performance of a Contract”: the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. For example, when a client wishes to instruct us to carry out legal services for them
“Legal Obligation”: the processing is necessary for our compliance with a legal obligation to which we are subject. For example, to identify clients in certain circumstances to comply with anti-money laundering laws
“Legitimate Interest”: the processing is necessary for the purposes of our legitimate interests or a third party’s legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject For example, so that we can decide if we can offer services to a prospective client
“Protection of vital interests”: the processing is necessary to protect the vital interests of the data subject. For example, if a client were to fall ill in our office
If we rely on the legitimate interest ground for data processing, our legitimate interests include the following:
To advise and act on behalf of clients in order to generate revenue
To decide if we can offer legal advice to a prospective client
To “know” our client
Contact and communication purposes
For updating and enhancing client records while the matter is active
For legal and regulatory compliance and demonstrating compliance
For analysis to help us manage our practice
To provide information to our insurers and their brokers and solicitors and to be ready to defend ourselves against claims or prospective claims
To detect fraud and loss
To invoice clients, keep track of payments, and recover monies due to us
To administer our business
To deal with feedback, queries or complaints
To market similar services to those which we are already providing to a client
To try to win business
For selecting suppliers and managing information relating to our suppliers and prospective suppliers
To establish or pursue actual and prospective legal claims
To create, grow and sustain a referral and business network to benefit those whom we refer, ourselves and the third parties to whom we give referrals
To close files in a risk compliant manner
Legal basis for processing sensitive personal data
Sensitive personal data relates to health, sexuality, race, political opinions, religion or philosophical beliefs, sexual life, and trade union membership, and criminal offences.
The legal bases for our processing of sensitive personal data are:
“Employment Law Obligations”: the processing is necessary to carry out our obligations and exercise our rights or those of the data subject in the field of employment law in so far as it is authorised by UK law
“Legal Claims”: the processing is necessary for the establishment, exercise or defence of legal claims
“Protection of vital interests”: the processing is necessary to protect the vital interests of the data subject. For example, if a client were to fall ill in our office
“Public information”: the data subject has made the information public
“Public interest”: the processing is necessary for reasons of public interest. For example, to undertake activities in relation to the prevention of fraud or other dishonest activities or unethical conduct
Rights of data subjects
Where our processing of data is based on the consent of the data subject, the data subject may withdraw that consent at any time. This will not affect the lawfulness of the processing of the data before the consent was withdrawn.
Please keep us informed if your personal data changes during our relationship with you. Data subjects have the right to request from us access to their personal data, and rectification or erasure of personal data and restriction of processing and to object to processing. In certain circumstances, we have the right to refuse such requests. We do not process data in a way to give data subjects the right to data portability.
If data subjects consider that our processing of their personal data is not in compliance with the Data Protection Act, please contact us in the first instance so that we have a chance to deal with your concerns. Data subjects may complain to the Office of the Information Commissioner. The contact information is: Information Commissioner's Office. Wycliffe House. Water Lane. Wilmslow. Cheshire. SK9 5AF. Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Links on our website to third party websites
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
If you have any questions or queries regarding this policy, please contact jkelly@employmentlawplus.com. We will do our best to deal with your questions or queries as soon as possible.
We may update this Policy at any time and the up to date version will appear on our website at www.employmentlawplus.com. Updates will be marked with a new date. You can obtain historic versions from us. We may provide you from time to time with more specific processing of personal data information and this Statement is not intended to override this.
Rev 4 Mar 2019
