A R Brown & Co has always looked after their clients’ details and will continue to do so. We use information received from clients and related organisations to provide legal services tailored to our clients’ needs.
AR Brown & Co is small law firm in the UK offering legal services to small and medium-sized businesses and private individuals.
As an essential part of our business, we collect and manage client and non-client data. In collecting and managing client and non-client data doing so, we observe the UK data protection legislation. Specifically, we act as a “Data Controller” in respect of the information collected and processed by us.
If you have any comments or queries regarding our use of your data, please contact our Data Compliance Manager at firstname.lastname@example.org
Alternatively, you can write to AR Brown & Co, 37 Goring Road, Worthing, West Sussex BN12 4AR
What Information Do We Collect About You?
In general terms, we seek to collect information about you so that we can:
- Administer our relationship with you, provide tailored legal services and respond to enquiries
- Ensure the billing of any services rendered and obtain payment
- Process and respond to any complaints
- Enable us to meet our legal and other regulatory obligations imposed on us
- Audit usage of our websites.
The information that we need for these purposes is known as your “personal data”. This includes your name, home address, email address, national insurance number, telephone and other contact numbers and financial information. We collect this in a number of different ways. You may provide this data to us in person or over the telephone, or when corresponding with us by letter or e-mail.
We also process sensitive classes of information that includes physical or mental health details.
We will seek your permission if we need to record any of your sensitive personal data on our systems.
The data will be sorted in an electronic format and in hard copy format.
How Will We Use The Information?
We use the data collected from you for the purposes listed in the table below. Please note that this also explains:
The legal basis for processing your data, linked to each processing purpose; and
In what circumstances your data will be shared with a third party organisation.
|Purpose for processing data||Legal basis for processing data||Third party organisations with whom data is shared|
|To administer our relationship with you, provide services and respond to enquiries.||To meet the requirements of our contract with you.||HMRC, Probate Registry, Office of The Public Guardian, Court of Protection, Local Authorities, Medical and Health Professionals, Estate Agents, Lenders, Financial/Mortgage Advisors and other Solicitors|
|To ensure the billing of any procured services by you and obtain payment.||To meet the requirements of our contract with you.||Government VAT and tax inspectors, external auditors, internal auditors.|
|To process and respond to complaints.||To meet a legal obligation.||None|
Under the terms of data protection legislation, you have the following rights:
Right To Be Informed
This privacy notice fulfils our obligation to tell you about the ways in which we use your information.
Right of Access
You have the right to ask us for a copy of any personal data that we hold about you. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We will send you a copy of the information within 30 days of your request. In certain circumstances it may take us longer than 30 days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
To make Subject Access Request, please write to our Data Compliance Manager at email@example.com
Right to Rectification
If any of the information that we hold about you is inaccurate or incomplete, you can either:
Contact our Data Compliance Manager at firstname.lastname@example.org
Right to Be Forgotten
From 25 May 2018, you can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days. For further information, please contact 01903 237 118 or alternatively, please contact our Data Compliance Manager at email@example.com
Right to Object
You have the right to object to:
The continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
The continued use of your data for any purpose listed above for which the lawful basis of processing is that we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Right to Restrict Processing
If you wish us to restrict the use of your data because (i) you think it is inaccurate but this will take time to validate, (ii) you believe our data processing is unlawful but you do not want your data erased, (iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or (iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact our Data Compliance Manager at firstname.lastname@example.org
Right to Data Portability
If you would like to move, copy or transfer the electronic personal data that we hold about you to another organisation, please contact our Data Compliance Manager a email@example.com
How Long Will We Retain Information For?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, contractual and/or reporting requirements and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and non-clients . We will typically retain information for a period of seven years. However Deeds and Wills stored for clients will be retained indefinitely, or until required by you.
None of the information that we collect process or store as a result of this website is transferred outside of the European Economic Area (EEA). This includes information that is exchanged with any third party organisation as described above.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have also put in place procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Questions and comments regarding this Privacy Notice are welcomed, and should be sent to our Data Compliance Manager at firstname.lastname@example.org
You have the right to lodge a complaint with the Information Commissioner’s Office who may be contacted at Wycliffe House, Water Lane, Wilmslow SK9 5AF or https://ico.org.uk. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.