What is the purpose of this document?
Altor Employment Solicitors Limited is committed to protecting the privacy and security of your personal information. Altor Employment Solicitors Limited (the “Firm”) is regulated by the Solicitors Regulation Authority (“SRA”) under number 657334.
This privacy notice describes how the Firm collects and uses personal information about you. It provides you with certain information that must be provided under the General Data Protection Regulation (“GDPR”).
You have been referred to this privacy notice because you have instructed the Firm to advise you and/or to represent you.
Simon Whysall, trading as Altor Employment Solicitors, is a “data controller” and is responsible for deciding how we hold and use personal information about you.
In many instances the majority of personal data we collect about you and use will be subject to legal professional privilege and to that extent, such personal data is exempt under the GDPR. We are also a regulated legal professional business, regulated by the SRA and are subject to their rules, which include a need to comply with the SRA Code, the SRA Handbook and the SRA Principles. This does not mean that we will not put in place appropriate protections when handling and processing your personal data or that your personal data will not be kept confidential. As a regulated firm, we owe you a strict professional duty of confidentiality in respect of all information you provide to us and will only use your information when authorised to do so and for the purposes of acting for you, having regard to our overriding duty to the Courts and to certain regulatory authorities.
This notice therefore relates to personal data we hold about you that is not otherwise protected by legal professional privilege.
Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:
The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are “special categories” of more sensitive personal data which require a higher level of protection.
The information we collect, store and use about you will vary dependant on the purposes for which you have instructed us to act on your behalf. Generally, such information will include the following:
We may, if it is relevant to our work for you, also collect, store and use the following “special categories” of more sensitive personal information:
How is your personal information collected?
We collect and record personal information about you during meetings with you where we will record your instructions and the advice given to you in writing. We may also obtain personal information regarding you on the telephone or by email or through other mediums. We may also obtain personal information regarding you through our own research and/or social media and/or our investigation into your matter or through third parties (where relevant to your matter or in accordance with our regulatory requirements). We will also receive personal information concerning you from parties and/or their solicitors that we may be communicating with for the purposes of acting for you.
We collect this information in hard copy form in client files and electronically by email and on our case management system and using other media. We may also collect information on our mobile phones and/or other computer equipment which we use to enable us to undertake our work for you.
How we will use information about you
We will only use your personal information we collect about you to:
In most instances the personal data we collect about you will be subject to legal professional privilege and therefore sits outside the GDPR and is not subject to the GDPR.
To the extent that the personal data we collect about you does not amount to legal professional privilege, we will rely on one or more of the following legal basis for processing your personal data:
If you fail to provide personal information
If you fail to provide information when requested, which is necessary for the matter we are dealing with for you, we may not be able to continue acting for you. This may mean that we are unable to advise and/or act for you further.
How we use particularly sensitive personal information
“Special categories” of particularly sensitive personal information require higher levels of protection. This information includes the following information: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic/biometric data, health, sex life or sexual orientation.
We may use special categories of personal information in the following ways:
Information about criminal convictions
We may have to collect information about criminal convictions, if relevant to your matter. Such information will generally always be subject to legal professional privilege.
We will ensure that we have in place appropriate safeguards when processing this type of information, and will seek to do so in accordance with our regulatory obligations, and/or our data protection policy (where relevant).
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
We may have to share your data with third parties for the purposes of acting for you or to deal with regulatory requirements or for professional indemnity insurance purposes. In some situations, we may instruct third parties to advise and/or act for you (e.g. counsel, experts, medical professionals etc.).
We may also share your name, title, employer and contact details with our co-host if you attend an event that we co-host with other parties.
We may disclose your information to our third-party service providers for the purposes of providing services to us or directly to you on our behalf e.g. advertising agencies or administrative service providers. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
We require third parties to respect the security of your data and to treat it in accordance with the law and/or our instructions or as part of our regulatory or insurance obligations.
The information that you send to us may be transferred to countries outside the UK. By way of example, this may happen if any of our servers or those of our third-party service providers are located in a country outside of the UK. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the UK in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected. These measures include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us if you would like more information about the protections that we have put in place.
What about other third parties?
We may share your personal information with other employees/consultants employed by the Firm as part of acting for you (but subject to our professional duties of confidentiality) and/or other third parties either for acting for you, representing your interests, to deal with regulatory compliance and for professional indemnity insurance purposes or otherwise to market our services (in the latter where we have your consent to use your details).
We have put in place measures to protect the security of your information. Details of these measures are available upon request.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
How long will you use my information for?
We have a client file retention and destruction policy. We also have in place a retention policy that sets out the criteria we adopt for retaining your personal information.
The criteria we consider when retaining your personal data includes:
Rights of access, correction, erasure, and restriction
Your rights in connection with personal information
This section only applies to the extent that the personal information we hold about you is subject to the GDPR.
Under certain circumstances, by law you have the right to:
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact initially the Partner (identified in your client care letter) in writing.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive or where such information is outside the GDPR (i.e. information that is subject to legal professional privilege). Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
Where we have relied on your consent for the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Partner identified in the client care letter sent to you at the outset of your matter. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. This may also mean that we have to cease acting for you if this compromises our ability to be able to do so.
If you have any questions about this privacy notice or how we handle your personal information, please contact Simon Whysall on email@example.com. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time. We may notify you in other ways from time to time about the processing of your personal information.