We are A&R Solicitors Limited, trading primarily as A&R Solicitors, and also under the name “Not My Fault Lawyers’. We use, collect and are responsible for certain personal information about you.
When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Data Controller: A&R Solicitors, Uxbridge House, Suite 106, First Floor,460-466 Uxbridge Road, Hayes UB4 0SD
ICO Registration Number: ZA211158
We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
i. Information collected by us
We collect and retain personal information about you (and your personnel) through various means, including:
This personal information that you provide to us may include:
ii. Information collected from other sources
We also obtain personal information from other sources as follows:
We may use your personal information to:
In the course of acting for you we routinely share your name, contact details and other information when:
(a) you specifically request us to, or this is necessary to provide the legal services to you (for example when we need to instruct expert witnesses or valuers, or engage barristers to represent you)
(b) In the event that we act for you in any sale or purchase transaction in which case we must disclose your details to the prospective buyer or seller or their representative
(c) If you authorise us to – for example to a mortgage broker, estate agent or family member in the course of a property transaction
(d) If we are under a duty to disclose or share your personal data in order to comply with a legal obligation or to protect the rights and interests of our website, our customers, or this firm, or of other third parties
(e) We seek to comply with external agencies when providing information with other companies, or institutions for the purposes for verifying your identity and in connection with protection from fraud, money laundering, tax evasion, terrorist financing, or other criminality
(f) For administrative purposes, for example when:
In respect of more sensitive personal information – relating to health, trade union membership or political involvement, family information, race or ethnic origin, religion, gender, sex life or sexual orientation (defined as Special Category data in the GDPR) – where it is appropriate and relevant to the matter in hand, we may share that routinely with relevant parties in the categories of third parties listed at (a) to (f) above, for example:
(i) In respect of a personal injury matter – to share medical records with a medical or other expert and/or a barrister dealing with your case
(ii) In respect of an employment matter involving claims for discrimination, to share information with a barrister engaged to advise or represent you
(iii) In respect of a family or divorce matter, with barristers engaged to advise or represent you.
Only where it is relevant to your specific case will such sensitive information be retained on your file. Your file will then require storage and ultimately shredding by our archiving and document destruction contractors in accordance with our data retention guidelines.
We also occasionally share your personal information with selected third parties including service providers, support services to our firm, and organisations that help us market our services. For a list of our third party suppliers contact us at info@aandrsolicitors.co.uk
This data sharing enables us to carry out the legal services that we are engaged to do, and to comply with our statutory, regulatory, and professional obligations.
In rare circumstances – for example where a dispute resolution involves foreign property – some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
The provision of personal data is required from you to enable us to provide legal services to you. If you do not provide relevant information when it is requested then we may be unable to act further and may have to terminate the retainer and cease acting.
We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
We will hold your personal information on your file only when necessary or relevant to your matter and/or to our obligations. The period that we are required to retain financial information by applicable UK tax law is currently 6 years.
We will retain your personal data within our files and records in accordance with our Engagement Terms. Those terms set out our statutory responsibilities and the contractual arrangements between us.
As solicitors we have always fully recognised our professional obligations of confidentiality, and aware of the importance of the matters that clients entrust to us. As such our terms are designed to provide protection for our clients, as well as for the firm. Once the matter is over the information retained will be stored but it will not be actively used or shared with any third parties unless it is required to assist with advancing or defending a legal case, or defence of a complaint, or you have consented to such sharing.
We rely on contract as the lawful basis on which we collect and use your personal data such as name, address, and contact details.
In addition, in respect of information collected to comply with Anti Money laundering legislation, such as photo ID, dates of birth and former addresses, we rely on legal obligations.
In addition, we may in rare circumstances rely on legitimate interests to retain file records including personal data beyond the time for which our contractual entitlement has expired, because for the protection of the firm and the client a legal liability may subsist for up to fifteen years from the completion of the transaction and provision of our service, and in order to maintain professional indemnity insurance cover we seek to maintain a record of the matter/transaction by way of evidence as to its genesis, progress and resolution.
Our review of the risk of potential harm to you of retaining that personal information is that the risk is small and is outweighed by the benefit to you and to us of being able to recreate the history and documents of the transaction/matter.
In addition, in respect of Special Category data we rely on (i) express consent received from you and/or (ii) our assessment that special category personal information held within the matter file is necessary for the establishment, exercise and or defence of legal rights – so as to allow claims to be advanced within a suitable limitation period.
We do not envisage that the use of personal information to promote your case or transaction, or its retention to comply with contract, with legal obligations and our professional indemnity insurers guidance will have any material downside for clients.
That said, we acknowledge that storage arrangements must be configured and designed to comply with good practice as to the accessibility, security and cyber security of that data.
We may on rare occasions need to share personal information with a recipient located outside the European Economic Area (EEA) (e.g. a professional adviser or third party engaged by us or you as part of our work under an engagement letter), for example if in the course of a matter we are asked to deal with the shares in a foreign company or a foreign property.
Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA. In that situation any transfer of your personal information will be subject to your express consent and we will ensure that we will do so in accordance with European Data Protection Legislation.
If such transfers affect you, then you may contact us to obtain more precise information about those terms, and to obtain copy of relevant documentation.
Our people may occasionally access their email accounts remotely when working abroad (including from jurisdictions outside the EEA). Where they do so they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.
We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please complete the following steps:
If you would like to unsubscribe from any marketing emails or newsletters you can also click on the ‘unsubscribe’ button at the bottom of the email/newsletter, if needed. It may take up to 3 days for this to take place.
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
We hope that we and/or our Data Protection Responsible Officer, can resolve any query or concern that you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113.
This privacy notice was published in our updated website on 31.03.2019.
We may change this privacy notice from time to time. You should check this policy occasionally on our website to ensure you are aware of the most recent version.
Please contact us or Akil Gurusamy, our Data Protection Responsible Officer, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us or Akil Gurusamy, our Data Protection Responsible officer, please either:
Alternatively you can contact us through the Contact us section of our website
If you would like this notice in another format (for example: audio, large print) please contact us (see ‘How to contact us’ above).