Inheritance Law – Privacy notice for clients and third parties
You have received this notice as Inheritance Law holds or may in future hold your personal data either because you are a client or a third party linked in some way to a client file.
My name is Caroline Brooks-Johnson and I am a sole practitioner solicitor providing legal advice and assistance to my clients under the practice name of Inheritance Law. Inheritance Law regulated by the Solicitors Regulation Authority (“SRA”).
‘Data Protection Law’ includes the General Data Protection Regulation 2016/679; the UK Data Protection Act 2018 and all relevant EU and UK data protection legislation.
For the purposes of data protection law “personal data” is information stored digitally or in a paper file from which an individual can be identified or is identifiable. It includes:
- Your name, date of birth and contact details
- Documents taken to verify your identity
- Details of your bank account
- My notes of any meetings or conversations with you relating to the matter
- Details of your financial position and pension arrangements
- Your national insurance number and tax references
The data may have come directly from you or from a third party or institution.
Use of your personal data
Under data protection law I can only use your personal data if I have a proper legal reason for doing so such as:
- With your consent
- If needed to perform my part of a contract with you (or before such contract is entered into)
- To enable me to comply with the law and my regulatory obligations
- To protect my legitimate interests or those of a third party
Therefore I may use this information to enable me to:
- Identify you when you contact me
- Contact you during the course of your matter or following its completion if necessary (for example if I am holding original documentation for safekeeping)
- Act on your behalf in connection with your matter in accordance with my terms of business
- Contact you if you are a third party connected with a client matter
- Make any payment of funds due to you
- Comply with my regulatory requirements
- Identify or protect against fraud
In using your data I will ensure that:
- The legal basis for processing personal data is identified in advance and that all processing complies with the law
- I will not do anything with your data that you would not expect given the content of my data protection policy and this privacy notice
- I only collect and process the personal data that I need for purposes I have identified in advance
- As far as possible, the personal data I hold is accurate, or a system is in place for ensuring that it is kept up to date as far as possible
- I only hold onto your personal data for as long as it is needed, after which time I will securely erase or delete the personal data – my data retention policy sets out the appropriate period of time
- appropriate security measures are in place to ensure that your personal data can only be accessed by those who need to access it and that it is held and transferred securely
Special category personal data
This includes the following personal data revealing:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person
- an individual’s health
- a natural person’s sex life or sexual orientation
- criminal convictions or offences
In many cases I will not need to request or hold special category data. However there may be occasions when this is necessary. Examples may include (but are not limited to) recording information regarding:
- religious beliefs for the purposes of funeral arrangements
- someone’s health situation to assess how time critical a matter is
- the health situation of a proposed beneficiary in a trust or estate
- whether someone has mental capacity to make a decision under the Mental Capacity Act 2005
- sexual orientation when advising on Wills
I will only use special category personal data with your consent or otherwise:
- for the establishment, exercise or defence of a legal claim or
- to protect the vital interests of someone who is physically or legally unable to consent
Sharing your data
There will be times when I will need to share your personal data with:
- Other professionals who we instruct on your behalf such as barristers, accountants, capacity assessors, estate agents or financial advisors
- Other parties involved in your matter and their advisors
- Courts, HMRC, Probate Registries, the Office of the Public Guardian, Land Registry, HMRC, Social Services, Care agencies, the DWP
- My professional auditors and regulators
- Businesses or individuals who provide me with external services. This includes the staff at Churchill Square Business Centre and the company providing my legal case management software. I have taken steps to ensure that they will protect your personal data and can only use it to provide services to me in accordance with our contractual arrangements.
I may also disclose information to law enforcement agencies to comply with my legal obligations.
I keep personal data at my office and electronically. I have measures in place to ensure the safe storage and transmission of such data.
Holding your data at the end of a matter
Whilst a file is open I hold a hard copy of certain documents but the complete file is stored electronically. Following closure of your file I destroy any physical documents (other than those I have been asked to retain) and retain the electronic file as long as is necessary in accordance with my data retention policy.
You have the right to request free of charge:
- A copy of the personal data I hold. I have 30 days from the date of your request to provide this, but I may need you to provide further information before I do so. I may refuse the request but would explain why this is the case.
- That I rectify any errors in the data I hold.
- That I restrict processing of your data in some cases, for example, if you contest its accuracy.
- That your personal data is erased. Again I have 30 days to comply or to refuse such a request. There may be reasons why I am unable to agree to the request such as:
- I have a legal obligation to keep the data
- I wish to retain the data for defending legal claims
Information Commissioner’s Office
Inheritance Law is registered with the Information Commissioner’s Office (ICO) under registration number ZA062869. More information about the ICO can be found at www.ico.org.uk
If you have any concerns or wish to exercise any of your rights under the GDPR, then you can contact me in the following ways:
Inheritance Law Suite 2 80 Churchill Square Kings Hill West Malling ME19 4YU
Monitoring and review
This policy was last updated on 25 May 2018 and shall be regularly monitored and reviewed, at least every two years.