IMR Solicitors
Privacy Statement – 2021
Our privacy statement (“Statement”)
We are committed to protecting the privacy and security of personal information and we will ensure that information you provide to us is kept private and confidential and we will only use it to provide the services you request.
This statement does not form part of any contract that you may have with us. It is provided for information only.
We have appointed Ian Rimmer as a Compliance Officer for Data Protection (CODP) to oversee compliance with this policy. If you have any questions about this policy or how we handle personal information, please contact the CODP in writing using the details below.
Email: dataprotection@saslegal.co.uk
Postal address:
Compliance Officer for Data Protection
IMR Solicitors
147 Jeavons Lane
Cambourne
Cambridgehsire
CB23 5FA
This Statement is to explain our practices regarding the personal information we collect from you or about you through written or verbal communications with us, or from other sources.
By using any of our services you agree to the collection and use of Personal Information as described in this Statement. Please note that this Statement does not apply to our processing of personal information on behalf of and subject to the instructions of third parties.
The Data Protection Principles we uphold
We will comply with data protection law. The law says that the personal information that we hold must be:
-
Used in a lawful, fair and transparent way.
-
Collected only for valid purposes that we have clearly explained and not used in any way that is incompatible with those purposes.
-
Relevant to the purposes for which it was collected and limited only to those purposes.
-
Accurate and kept up to date.
-
Kept only as long as necessary for the purposes for which it was collected.
-
Kept securely.
The kind of information that we hold
We collect, store and may use some or all of the following categories of personal information about you:
-
(A) Client on-boarding information: name, title, job title, address, telephone number, email address, photographic identification, date of birth, credit check.
-
(B) Client file information: name, title, job title, address, telephone number, email address, bank account details.
-
(C) Matter file information: The categories of personal information that we hold about you for the purposes of specific matters that we are providing advice on will vary according to the type of matter. Where we have collected this information other than from you, we will always ask you to confirm its accuracy. By way of example this category may include, amongst other things: tax details, marriage details, employment details, directorships, shareholding details or personal correspondence.
-
(D) Relationship information: name, title, job title, address, telephone number, email address, client relationship details (length of relationship, Firm contacts engaged with, meetings, calls and other engagement with the Firm), services details (departments used, number of engagements, references, reviews and testimonials) and dietary preferences.
-
(E) Marketing information: name, title, job title, address, telephone number, email address, company, engagement details (click-throughs, open rates, bounce rates, return to sender notifications) event attendance history, dietary preferences, payment details and marketing preferences.
-
(F) Social media information: username, company details and engagement details (likes, retweets, shares, reactions, comments).
-
(G) Monitoring: CCTV footage, vehicle details, swipe/fob records, PC login details, use of our IT and communications systems.
We may also collect, store and use the following ‘special categories’ of more sensitive personal information:
-
(H) Relationship information (sensitive): special access requirements, allergies.
-
(I) Matter information (sensitive): The categories of personal information that we hold about you for the purposes of specific matters that we are providing advice on will vary according to the type of matter. Where we have collected this information other than from you, we will always ask you to confirm its accuracy. By way of example this category may include, amongst other things: race or ethnicity, political opinions, philosophical or religious beliefs, trade union membership, biometric data, medical conditions, prescriptions, surgeries, therapies, medical history, disabilities and sexual orientation.
The kind of information that we share
We share your data with third parties, including third-party service providers, courts and other lawyers. We require all third parties to respect the security of your data and to treat it in accordance with the law.
Third-party service providers require access to your personal data in the course of providing their services to us. We engage third parties to provide the following services: public relations and marketing, IT support, dictation services, practice management systems, document management systems, case management systems, printing and reprographics support, event hosting services, email marketing management systems, survey and polling services and market insight services.
All third parties are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third parties to use your personal data for their own purposes. We only permit them to access your personal data for specific purposes and in accordance with our instructions.
We may share your personal information with other third parties, for example with a potential purchaser in the context of a potential sale or restructuring of the business. We may also need to share your personal information with a regulator to comply with the law.
Protecting Your Personal Information
We will take reasonable measures to: (i) protect personal information from unauthorized access, disclosure, alteration or destruction, and (ii) keep personal information accurate and up-to-date as appropriate. We also seek to require our affiliates and service providers with whom we share personal information to exercise reasonable efforts to maintain the confidentiality of personal information about you. For online transactions, we use reasonable technological measures to protect the personal information that you transmit to us via our site. Unfortunately, however, no security system or system of transmitting data over the Internet can be guaranteed to be entirely secure. For your own privacy protection, please do not send payment card numbers to us via email.
Your legal rights
Under certain circumstances, by law you have the right to:
Request access to your personal information. This is commonly known as a subject access request. This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
Request the reconsideration of an automated decision. This enables you to ask us to reconsider a decision that was made solely by automated means or to ask for human intervention.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, request that we transfer a copy of your personal information to another party or request the reconsideration of an automated decision, please contact our CODP by emailing: dataprotection@saslegal.co.uk
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our CODP at: dataprotection@saslegal.co.uk
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to.
How long we retain your Personal Information
We retain personal information about you for the period necessary to fulfil the purposes outlined in this Statement, unless a longer retention period is required or permitted by applicable law. We will destroy your personal information as early as practicable and in a way that the information may not be restored or reconstructed. If printed on paper, the personal information will be destroyed in a secure manner, such as by cross-shredding or incinerating the paper documents or otherwise and, if saved in electronic form, the personal information will be destroyed by technical means to ensure the information may not be restored or reconstructed at a later time.
If you fail to provide personal information
If you fail to provide certain personal information when we request it, we may not be able to perform our contract with you properly (such as providing you with legal advice) or we may be prevented from achieving our legitimate interests (such as engaging with you on social media).
We have a statutory obligation to conduct the checks that we use the client on-boarding information of clients. If you choose not to provide that information, we will not be able to engage you as a client of the Firm.
Your Choices – Marketing Communications
If you have given us your contact information (mail address, fax number, email address or phone number), we may want to inform you in accordance with any preferences you have expressed, and with your consent where required, about our products and services or invite you to events via email, online advertising, social media, telephone, text message (including SMS and MMS), push notifications, in-app alerts, postal mail, our customer service call centre, and other means, you may change the communications you receive from us by writing to us (and including your email address) at IMR Solicitors 147 Jeavons Lane, Cambourne, Cambridgeshire, CB23 5FA or by emailing us at dataprotection@saslegal.co.uk If you prefer not to receive email marketing materials from us, you may opt-out at any time by using the unsubscribe function in the email you receive from us. Opt- out requests can take up to ten business days to be effective.
Making changes to this Statement
We may modify this Statement from time to time. When we make material changes to this Statement we will post a link to the revised Statement on the homepage of our site, and if you have registered for any of your products or services, will may also inform you though a communications channel that you have provided. You can tell when this Statement was last updated by looking at the date at the date at the top of the Statement. Any changes to our Statement will become effective upon posting of the revised Statement on the site. Use of the site, any of our products and services, and/or providing consent to the updated Statement following such changes constitutes your acceptance of the revised Statement then in effect.
Complaints
If you have any concerns over how we use your data, please contact our CODP in the first instance at: dataprotection@saslegal.co.uk
If you are not satisfied that we have addressed your concerns adequately, you have the right to lodge a complaint with the ICO. Their contact details are below:
Information Commissioner’s Office
Wycliffe House Water Lane Wilmslow Cheshire
SK9 5AF
Tel: 0303 123 1113 Web: www.ico.org.uk