1. Introduction and terms
Conroys Solicitors is a trading name of Conroys Solicitors which is a Data Controller and registered with the Information Commissioners Office [ICO] under reference ZA306908.
The law says we must have one or more of these reasons for using your data:
A legitimate interest is when we have a business or commercial reason to use your information.
Mail: for the attention of Elizabeth Conroy, Privacy Officer, Conroys Solicitors LLP, 7-9 Old Bridge Street, Truro TR1 2AQ.
2. Your rights
Under the GDPR your rights are:
3. The data we collect about you
We process both personal and sensitive (special) categories of data. Personal data we process may include your (or your employer’s or our client’s) name, address, date of birth, family relationships and email address. It also may include your IP address and cookies (website).
Due to the nature of our business, we also process sensitive (special) categories of data, such as health data, racial or ethnic origin.
We may require documentary details from you such as a driving licence, passport or birth certificate, in order to comply with our obligations under identification, money laundering and anti-terrorism legislation.
Our collection methods are:
4. How will your data be used?
We use information held about you to:
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you. Alternatively, we may be unable to comply with our legal or regulatory obligations.
We may also process your personal data without your knowledge or consent, in accordance with this notice, where we are legally required or permitted to do so.
5. Legitimate interest and marketing
We may process your data for the purposes of our own legitimate interests provided that those interests do not over-ride any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.
If you are an existing client or contact, we may send you information about other products, events and services that we feel may be of interest to you. You have a right at any time to ask us to stop contacting you for marketing purposes.
We will never sell your data to a third party for marketing purposes.
6. Will your data be shared with anyone else?
We will will keep your information within the firm except where disclosure is required or permitted by law or when we use third party service providers (data processors) to supply and support our services to you. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with anyone else apart from us. They will hold the information securely and retain it for the period that we instruct.
We may also pass your data to third party external organisations where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
Please see below the list of our data processor services:
All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
7. Data retention
We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected.
When assessing what retention period is appropriate for your personal data, we take into consideration:
8. Data deletion
Under GDPR you have the right to erasure under specific circumstances. A request for your personal data to be deleted will be decided on a case by case basis and must be submitted in writing to the contact details provided in this policy.
9. Data correction
We will correct or update your data without delay provided you make the request in writing to the contact details provided in this policy, clearly specifying which data is incorrect or out of date.
10. Data security
We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
11. Data inspection
We try to be as open as we can be in terms of giving people access to their personal data. A Subject Access Request under the GDPR is your right to request a copy of the information that we hold about you. Such requests must be in writing to the contact details provided in this policy. If we do hold your personal data, we will respond in writing within one calendar month of your request (where that request was submitted in accordance with this policy).
The information we supply will:
Please note that you may need to provide identification to confirm who you are to access your data.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do not hold information about you, we will also confirm this in writing as soon as possible.
12. Changes to this policy
We keep our privacy notice under regular review and changes may be made from time to time. The current policy will be displayed on our website.
13. Withdrawal of consent
Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.
You have the right to complain about the processing of your personal data. Please contact us using the details provided above. If you are still dissatisfied, you have the right to complain to the Information Commissioners Office. (https://ico.org.uk/concerns)