TJD Law takes the security and privacy of your data seriously, and is committed to operating in a way that complies with the provisions of the General Data Protection Regulations (GDPR). We recognise that the data we hold about you must be collected, processed, stored and disposed of in a manner that is fair, lawful and transparent, and with due regard to confidentiality.
This policy sets out the situations in which we, as a ‘data controller’, may obtain your personal data, the type of information collected, and how that information is used, stored and retained. It also sets out your rights as a ‘data subject’ in relation to the information that we hold about you.
Please read the following carefully to ensure that you understand our practices with regard to the processing of your personal data. By visiting our website (www.tjdlaw.co.uk), submitting an enquiry, or contacting us by email or telephone, you are accepting the terms of this policy.
Who are we?
TJD Law is a trading name of SJ Stoker Solicitors, a Partnership, authorised and regulated in the UK by the Solicitors Regulation Authority (SRA) as a Recognised Body under SRA number 626817. For the purpose of the data protection registration, the data controller is SJ Stoker Solicitors and our ICO Registration Reference is ZA159751.
How do we collect information?
Information provided by you
In most cases, the information will be provided by you directly in order to help us determine whether we can assist you and, if so, to give you the appropriate legal advice and support. This might be by way of:
- submitting an enquiry through our website;
- telephone conversations;
- face-to-face meetings;
- sending us emails or letters;
- sending us documents or files to review (whether electronically or as hard copies);
- completing our ‘Client Details’ form;
- subscribing to our electronic newsletters;
- attending an event that we host or at which we present; or
- completing a client satisfaction survey.
Information we collect automatically
When you visit our website (www.tjdlaw.co.uk), or click on any of the links in our electronic newsletter, we may collect certain technical information about your device and your browsing actions and patterns. This information is collected by automated technologies such as ‘cookies’.
Cookies are small data files which are deposited and stored on your computer’s hard drive when you visit a particular webpage. They enable us to monitor website traffic and let us know when you visit a particular page. This, in turn, helps us to improve our website and make it more user-friendly. It also means that we can continually improve and tailor the services that we offer to better meet the needs of our clients.
Most computers automatically accept cookies, but you can change your settings so that you will not receive cookies and you can also delete existing cookies from your computer. If you do change your settings, you may find that certain parts of our website do not function as intended.
Information we obtain from other sources
To comply with our legal obligations under anti-money laundering legislation, we are obliged to verify the identity of our clients. One way in which we do this is to use a third-party provider (CreditSafe), who conduct a search against various databases including the UK Edited Electoral Roll; UK National Identity Register; UK Landline; UK Credit Header; UK Births and Deaths; and International PEP (Politically Exposed Persons).
The information received may confirm the existence, or otherwise, of your personal details on these databases (which, of itself, may be considered to be personal data). However, this mainly serves to simply verify the personal data that we already hold.
Depending upon the nature of your case, we might, with your consent, obtain information about you from other sources such as your employer or former employer, medical advisers, ACAS, a Court or Employment Tribunal, or from relevant witnesses.
We may also acquire information about you from publicly available sources such as Companies House, the Internet or social media sites.
If you are an ‘opponent’ to our client in a dispute or settlement negotiation, we may obtain information about you (or, if you are a business, about your members, officers or staff) from a number of sources including our own client, your legal representative, medical advisers, ACAS, a Court or Employment Tribunal, or from relevant witnesses. In some cases, the information we hold about you may be protected from any duty of disclosure by legal professional privilege.
What information do we collect?
If you have merely visited our website, the data collected will be limited to information concerning your device and your general browsing habits as described above in the section on Cookies. This might include information such as the Internet Protocol (IP) address of your computer; how you found our website (e.g. through a search engine); date and time of viewing our website; services viewed or searched for; page response times; length of visits to certain pages; and page interaction information (such as links that are clicked and whether articles are shared on social media).
If you subscribe to our newsletter, you will be asked to provide your name, email address, company and job title. Automated technology may also collect information about whether you have opened our newsletter email, whether you have clicked on any links in the newsletter, and whether you have shared the newsletter on social media.
However, when you contact us with an enquiry, seek an initial consultation or instruct us to undertake work on your behalf, we may collect a range of personal data about you. This might include, but is not limited to:
- your name and home contact details (address, e-mail and phone numbers);
- date of birth;
- marital status and family details;
- employer and work contact details (address, e-mail and phone numbers);
- job title, workplace duties and responsibilities, and terms of employment;
- education history, training, qualifications and job references;
- immigration status;
- information relating to disciplinary and grievance proceedings involving you;
- information relating to your behaviour and performance at work;
- details of your personal circumstances and business affairs;
- details of any current or potential litigation involving you;
- financial and credit information;
- bank account details and tax status;
- documents confirming your identity and residence (e.g. passport, driving licence, home utility bills).
If you are a business client, this may also include:
- personal data (of the type described in this section) in respect of your directors, shareholders, partners, trustees, staff or consultants;
- personal data of your customers, suppliers, agents or other business contacts.
Due to the nature of the employment law and discrimination law work that we undertake, this might also include special categories of personal data (formerly known as ‘sensitive personal data’) where it is relevant to your case. This might include:
- your racial or ethnic origins;
- your religious or philosophical beliefs;
- your political opinions;
- whether you are a member of a trade union;
- your physical or mental health;
- your genetic or biometric data;
- your sex life and sexual orientation; and/or
- any criminal convictions and offences.
Why do we need your personal data?
There are three main reasons why we need to collect and process your personal data:
- Firstly, and most obviously, in order to perform our contract with you and carry out the work that you have instructed us to undertake.
- Secondly, to comply with our legal obligations which, as you will appreciate, we have little choice about.
- Thirdly, where it is necessary for the purposes of our legitimate interests.
This last point requires a little more explanation. Our legitimate interests may include the need to take action to protect or enforce our legal rights, or the need to process your data in connection with a possible sale of the business, outsourcing of back-office services, or some form of business collaboration or joint enterprise with a third party. It may also include us needing to process personal data in connection with our own marketing activities, to improve and tailor our services to better meet the needs of our clients. However, we will only process your data for these reasons if we are confident that our interests do not override or unduly prejudice your own rights as a data subject.
Where any of these three main reasons apply, we are permitted to process your data (excluding the special categories of data) without requiring further consent. If you choose not to provide us with certain personal data, this may limit the scope of work that we are able to undertake for you, or prevent us from acting for you entirely. In this event, we shall explain the likely consequences to you so that you may make an informed choice as to how you wish to proceed.
Special categories of personal data
Save where a specific exemption applies under the GDPR, we only process special categories of your personal data (see above) if we have your explicit consent to do so. You are not obliged to give your consent, but this may affect our ability to undertake work on your behalf that we believe would be in your best interest. In this event, we shall explain the likely consequences to you so that you may make an informed choice as to how you wish to proceed.
Automated decisions and profiling
We do not take automated decisions about you using your personal data and we do not undertake any profiling operations in relation to you.
How do we use your personal data?
We may use information held about you in the following ways:
- to contact and communicate with you, and keep a record of such communications;
- to assess your enquiry and determine whether it is a matter that we can assist with;
- to evaluate, advise and assist you in relation to the work that you instruct us to undertake, and to carry out our obligations arising from your instructions;
- to keep appropriate records of the work undertaken and advice provided;
- to search against our client database and ensure that no conflict of interest arises;
- to verify your identity and residence in order to comply with anti-money-laundering regulations and risk management procedures;
- to comply with our legal, professional and regulatory obligations, including those of the Solicitors Regulation Authority;
- to comply with court or tribunal orders;
- to detect and prevent fraud or other illegal activity;
- to bill you and deal with any necessary financial transactions as part of our services;
- to ensure and monitor non-discriminatory practices;
- to investigate complaints, report to our insurers, or take action to protect or enforce our legal rights;
- to provide you with newsletters, legal updates, marketing materials and information about other services we offer that may be of interest to you;
- to administer our website and its operations, including troubleshooting, data analysis, testing and statistical purposes;
- to improve our website and ensure that its contents are accessible and presented in the most effective manner for you and for your computer; and
- to assist us in evaluating and improving our range of services and the topics for our newsletters/events so as to better meet the needs of our clients.
Sharing your information
We will never sell or distribute your personal information for general marketing purposes by third parties.
We may share your personal information with third party organisations where this is necessary to perform the work that you have instructed us to undertake. This may include:
- Barristers instructed to advise on your case or represent you at a court or tribunal hearing;
- Lawyers with alternative specialisms or operating in other legal jurisdictions;
- Medical advisers or other experts;
- Courts and tribunals as necessary to advance your case;
- Your ‘opponent’ in any dispute, as necessary to advance your case;
- ACAS or private mediators, as necessary to advance settlement negotiations;
- Our carefully selected business contacts and professional advisers (e.g. Accountants, HR Consultants, Health and Safety Consultants, Training Providers, Legal Expenses Insurers, Enquiry Agents) who may be able to assist in providing ancillary services (but only where we legitimately believe that this would be in your best interests);
- CreditSafe, or other credit reference agencies, for the purpose of complying with anti-money laundering legislation (this does not affect your credit rating); and
- Government agencies holding official records (e.g. DVLA, Land Registry).
We require these external third parties to have implemented appropriate systems and procedures to keep your personal data confidential and secure, and to protect it in accordance with the law and their own privacy policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
We may also disclose your personal information:
- if we are under a duty to disclose or share your personal data in order to comply with any legal, professional and regulatory obligations (including those of the Solicitors Regulation Authority, HMRC or law enforcement authorities);
- to any organisation with whom we enter a contract concerning a sale of the business, outsourcing of services, or some other form of business collaboration or joint enterprise.
Website analysis providers (Google Analytics) have access to Cookies on our website to assist with improving website performance, statistical analysis of browsing habits and search engine optimisation.
Nettl of Exeter assist us with publishing our electronic newsletters and so have access to our marketing distribution list. This includes names, email addresses, job titles and company names. They are only permitted to process this data in accordance with our instructions.
If you wish to opt out of receiving our electronic newsletters, you can do so at any time by clicking the ‘unsubscribe’ link at the bottom of the email. You will then be removed from our marketing distribution list, although we will still retain your personal data if necessary for the other lawful purposes as set out in this Policy.
Transfers outside of the European Economic Area
We do not intentionally send your personal data outside the European Economic Area (“EEA”). However, with regard to the location of the servers that support cloud-based storage systems, we understand that your personal data could be stored at a destination outside the EEA. We shall only use cloud-based storage providers that guarantee equivalent protections to that of the GDPR under the EU-US Privacy Shield Framework.
Storage and Retention
We will ensure that personal data is processed securely, including protection against unauthorised access, unlawful processing, unintentional dissemination, and against accidental loss or damage.
We will maintain the integrity and confidentiality of your personal data by ensuring that it is accurate and suitable for the purpose for which it is processed, and that only people who are authorised to use the data can access it.
Our security procedures include:
- Entry controls. Entrance to our office building requires an authorisation card or permission from our receptionist. All visitors are required to sign in at reception. Our specific office also has a separate door which is kept locked when the office is vacant.
- Physical security. Personal data in hard copy format will be stored in lockable cabinets, which will be kept locked when the office is vacant.
- Portability. Personal data recorded in a hard copy format will not be removed from the business premises unless absolutely necessary for the legitimate purposes of the business and providing it is kept secure at all times.
- Electronic security. Personal data recorded in digital format will be stored on secure servers, including the use of cloud-based storage systems operated by third parties, with access restricted through the use of passwords and authentication processes. All electronic devices will also be password protected.
- Methods of disposal. Paper documents will be shredded. Digital files will be permanently deleted when they are no longer required.
Your personal data will be retained for the duration of your retainer with us, and for a further period of 6 years from the completion of the work. This period is deemed necessary in order for us to pursue or defend any legal claims in connection with your case (some of which carry a limitation period of 6 years). At the end of the retention period, materials will be securely erased or destroyed as described above.
We reserve the right to reproduce and store files in electronic form only and to destroy any paper copies after a reasonable period.
Limits on our control
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to our website; any transmission is at your own risk.
Our site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to such websites.
Subject access requests
You have a right to find out about our processing of your personal data by making a ‘subject access request’ (‘SAR’). If you wish to make a SAR, you should submit your request in writing using our contact details under the ‘Who are we?’ section above. It will greatly assist us in responding to your request if you are able to provide a degree of detail regarding the nature and scope of your request.
We must respond within one month unless the request is complex, in which case this period may be extended by a further two months.
There is no fee for making a SAR. However, if your request is manifestly unfounded, excessive or repetitive, we may charge a reasonable administrative fee or refuse to respond to your request.
In addition to making a SAR:
- You have a right to ask us to correct any inaccuracies in your personal data;
- You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to retain it for the purpose it was collected;
- You have the right to object to our processing of your personal data if you believe that your rights and freedoms outweigh our legitimate interests as described in this policy;
- While you are requesting that your personal data is corrected or erased, or are contesting the lawfulness of our processing, you have the right to apply for its use to be restricted;
- You have the right to ask us not to process your personal data for direct marketing purposes and to remove your contact details from our marketing distribution list;
- You have the right to receive a copy of your personal data and to request the transfer of your personal data to a third party;
- In most situations, we do not rely on your consent to provide a lawful basis for us to process your data. If we do, however, request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later; and
- You have the right to be notified of a security breach concerning your personal data if this is likely to result in a high risk to your rights and freedoms.
If you wish to exercise any of these rights, please contact us in writing using the information under the ‘Who are we?’ section above.
If you have any complaint relating to the processing of your personal data or the exercise of your data subject rights, we ask that you initially raise this with us directly and we shall use our best endeavours to resolve it fairly and promptly. Our contact details are under the ‘Who are we?’ section above.
You also have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
Updated: May 2018
TJD Law ©