Data Protection - Personal Information we Collect and Use

Who we are

We are A&R Solicitors Limited, trading primarily as A&R Solicitors, and also under the name “Not My Fault Lawyers’. We use, collect and are responsible for certain personal information about you.

When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Data Controller: A&R Solicitors, Uxbridge House, Suite 106, First Floor,460-466 Uxbridge Road, Hayes UB4 0SD

ICO Registration Number: ZA211158

We ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

The personal information we collect and use

i. Information collected by us

We collect and retain personal information about you (and your personnel) through various means, including:

Carrying out work for you (or your business)
via our website (for example via our ‘Contact Us’ page or our newsletter subscription page or similar, submitting a job application etc)
via email or other electronic correspondence
via telephone (including through our routine recordings of phone conversations)
via networking (ie at law or business fairs, client events, exhibitions, and/or other meetings or events either hosted by or attended by us, or both)
by our operating security policies and procedures in our offices (ie by virtue of CCTV kept by our buildings landlords – to which we have access – or to our own CCTV and record keeping within our offices)
and otherwise through operating our business and liaising with other professionals and other referrers.

This personal information that you provide to us may include:

Your name and title
Contact information such as addresses, phone numbers and email addresses
Information relating to your preferences and interests
Employment history, education attainments, and information equality monitoring information
In more limited circumstances, data relating to your health (including any disabilities), ethnicity or race, religious beliefs, trade union membership, political views, sexual orientation and habits known as ‘special category’ personal data
Photographic identification and video footage
In certain situations, your signature, National Insurance number, financial information, bank account details
Any other personal data we collect in the context of our work for our clients or in the course of operating our business.

ii. Information collected from other sources

We also obtain personal information from other sources as follows:

Your names, addresses and contact details from estate agents, commercial agents, accountants, IFA/mortgage brokers, and other referrers of potential work and/or clients with whom we have relationships
Names, locations, and employment and education information, from employment or recruitment agencies.

How we use your personal information

We may use your personal information to:

Respond to any query that you send us
Manage our relationship with you (and/or your business), including by maintaining a database of clients and third parties for administration and accounting and relationship management purposes
To carry out our contractual obligations to you (or your business) and/or taking such steps as we have set out in our terms of engagement and retainer that we have agreed with you
To carry out any relevant conflict checks, anti-money laundering and terrorist finance enquiries and sanctions checks in accordance with the relevant legislation
Fulfilling our obligations in respect of Criminal Finances Act 2017
To send you any relevant information on our services and events that may be of interest to you using the email and/or postal addresses which you have provided, but only if you have given us your consent to do so, and until that consent is withdrawn
To process any job application that you or your representative have submitted
To ensure our websites content is presented in the most effective manner for you and your device and /or to customize our website according to your interests and preferences
To administer our website and for internal operations including troubleshooting, data analysis, testing research, statistical and survey purposes
To allow you to participate in interactive features on our website when you choose to do so
As part of our effort to keep our website safe and secure
To measure or understand the effectiveness of advertising that we send you and others and to deliver relevant advertising to you
To ensure we properly administer any attendance/visits to our offices for security and health & safety reasons
To comply with the professional, legal and regulatory obligations that apply to us or to policies that we have in place
Such as we feel is necessary to protect our interests and/or to prevent illegal activity.

Who we share your personal information with

In the course of acting for you we routinely share your name, contact details and other information when:

(a) you specifically request us to, or this is necessary to provide the legal services to you (for example when we need to instruct expert witnesses or valuers, or engage barristers to represent you)

(b) In the event that we act for you in any sale or purchase transaction in which case we must disclose your details to the prospective buyer or seller or their representative

(c) If you authorise us to – for example to a mortgage broker, estate agent or family member in the course of a property transaction

(d) If we are under a duty to disclose or share your personal data in order to comply with a legal obligation or to protect the rights and interests of our website, our customers, or this firm, or of other third parties

(e) We seek to comply with external agencies when providing information with other companies, or institutions for the purposes for verifying your identity and in connection with protection from fraud, money laundering, tax evasion, terrorist financing, or other criminality

(f) For administrative purposes, for example when:

we send a litigation file to a costs draftsman to assist in the recovery of your legal costs, or
we send your matter file to our archiving and file destruction contractors for the file to be held
we send your name and bank details to our bank to enable funds to be paid to you.

In respect of more sensitive personal information – relating to health, trade union membership or political involvement, family information, race or ethnic origin, religion, gender, sex life or sexual orientation (defined as Special Category data in the GDPR) – where it is appropriate and relevant to the matter in hand, we may share that routinely with relevant parties in the categories of third parties listed at (a) to (f) above, for example:

(i) In respect of a personal injury matter – to share medical records with a medical or other expert and/or a barrister dealing with your case

(ii) In respect of an employment matter involving claims for discrimination, to share information with a barrister engaged to advise or represent you

(iii) In respect of a family or divorce matter, with barristers engaged to advise or represent you.

Only where it is relevant to your specific case will such sensitive information be retained on your file. Your file will then require storage and ultimately shredding by our archiving and document destruction contractors in accordance with our data retention guidelines.

We also occasionally share your personal information with selected third parties including service providers, support services to our firm, and organisations that help us market our services. For a list of our third party suppliers contact us at info@aandrsolicitors.co.uk

This data sharing enables us to carry out the legal services that we are engaged to do, and to comply with our statutory, regulatory, and professional obligations.

In rare circumstances – for example where a dispute resolution involves foreign property – some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.

We will share personal information with law enforcement or other authorities if required by applicable law.

We will not share your personal information with any other third party.

Whether information has to be provided by you, and if so why

The provision of personal data is required from you to enable us to provide legal services to you. If you do not provide relevant information when it is requested then we may be unable to act further and may have to terminate the retainer and cease acting.

We will inform you at the point of collecting information from you, whether you are required to provide the information to us.

How long your personal information will be kept

We will hold your personal information on your file only when necessary or relevant to your matter and/or to our obligations. The period that we are required to retain financial information by applicable UK tax law is currently 6 years.

We will retain your personal data within our files and records in accordance with our Engagement Terms. Those terms set out our statutory responsibilities and the contractual arrangements between us.

As solicitors we have always fully recognised our professional obligations of confidentiality, and aware of the importance of the matters that clients entrust to us. As such our terms are designed to provide protection for our clients, as well as for the firm. Once the matter is over the information retained will be stored but it will not be actively used or shared with any third parties unless it is required to assist with advancing or defending a legal case, or defence of a complaint, or you have consented to such sharing.

Reasons we can collect and use your personal information

We rely on contract as the lawful basis on which we collect and use your personal data such as name, address, and contact details.

In addition, in respect of information collected to comply with Anti Money laundering legislation, such as photo ID, dates of birth and former addresses, we rely on legal obligations.

In addition, we may in rare circumstances rely on legitimate interests to retain file records including personal data beyond the time for which our contractual entitlement has expired, because for the protection of the firm and the client a legal liability may subsist for up to fifteen years from the completion of the transaction and provision of our service, and in order to maintain professional indemnity insurance cover we seek to maintain a record of the matter/transaction by way of evidence as to its genesis, progress and resolution.

Our review of the risk of potential harm to you of retaining that personal information is that the risk is small and is outweighed by the benefit to you and to us of being able to recreate the history and documents of the transaction/matter.

In addition, in respect of Special Category data we rely on (i) express consent received from you and/or (ii) our assessment that special category personal information held within the matter file is necessary for the establishment, exercise and or defence of legal rights – so as to allow claims to be advanced within a suitable limitation period.

Consequences of our use of your personal information

We do not envisage that the use of personal information to promote your case or transaction, or its retention to comply with contract, with legal obligations and our professional indemnity insurers guidance will have any material downside for clients.

That said, we acknowledge that storage arrangements must be configured and designed to comply with good practice as to the accessibility, security and cyber security of that data.

Transfer of your information out of the EEA

We may on rare occasions need to share personal information with a recipient located outside the European Economic Area (EEA) (e.g. a professional adviser or third party engaged by us or you as part of our work under an engagement letter), for example if in the course of a matter we are asked to deal with the shares in a foreign company or a foreign property.

Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA. In that situation any transfer of your personal information will be subject to your express consent and we will ensure that we will do so in accordance with European Data Protection Legislation.

If such transfers affect you, then you may contact us to obtain more precise information about those terms, and to obtain copy of relevant documentation.

Our people may occasionally access their email accounts remotely when working abroad (including from jurisdictions outside the EEA). Where they do so they are required to use our systems and access any personal data in accordance with all the usual policies and procedures.

We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.

Our Rights

Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:

fair processing of information and transparency over how we use your use personal information
access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
be told by us whether we or someone else on our behalf is processing your personal information
require us to correct any mistakes in your information which we hold
in certain circumstances, to require the erasure of personal information concerning you
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and in certain situations have the right to transmit those data to a third party
object at any time to processing of personal information concerning you for direct marketing
object in certain other situations to our continued processing of your personal information
otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please complete the following steps:

email, call or write to us or to Akil Gurusamy, our Data Protection Responsible Officer
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill)
let us know the information to which your request relates, including any account or reference numbers, if you have them.

If you would like to unsubscribe from any marketing emails or newsletters you can also click on the ‘unsubscribe’ button at the bottom of the email/newsletter, if needed. It may take up to 3 days for this to take place.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

12) How to complain

We hope that we and/or our Data Protection Responsible Officer, can resolve any query or concern that you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone 0303 123 1113.

Changes to this privacy notice

This privacy notice was published in our updated website on 31.03.2019.

We may change this privacy notice from time to time. You should check this policy occasionally on our website to ensure you are aware of the most recent version.

How to contact us

Please contact us or Akil Gurusamy, our Data Protection Responsible Officer, if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us or Akil Gurusamy, our Data Protection Responsible officer, please either:

send an email to info@aandrsolicitors.co.uk or to akil@aandrsolicitors.co.uk or
write to A&R Solicitors, Uxbridge House, Suite 106, First Floor,460-466 Uxbridge Road, Hayes UB4 0SD or
call 03333 443351.

Alternatively you can contact us through the Contact us section of our website

15) Do you need extra help?

If you would like this notice in another format (for example: audio, large print) please contact us (see ‘How to contact us’ above).