General Data Protection Regulation (GDPR)
Eden & Co are regulated by the Solicitors Regulation Authority. For the purpose of the Data Protection Act 2018 (the Act) and the provisions of Regulation (EU) 2016/679 (the General Data Protection Regulation or GDPR), Eden & Co is the data controller of your personal information and is entered in the Information Commissioner’s Office (ICO) Register of Data Controllers with registration number Z8987136.
We are fully committed to client confidentiality and protecting your personal information. We have appointed a member of this firm as our Information Officer and representative for data-protection matters.
Telephone: 0161 237 1116
Your personal information – and why we need it
We will need to collect some personal information about you to form a solicitor and client relationship and so we can create and maintain proper records and provide our services. This information will include your:
- Full name;
- Date of birth;
- Address (business and personal);
- Email address;
- Financial details; and
- Phone number.
We may also need to collect further information about you that is relevant to the work you want us to do.
How we use your personal data
The way we process your personal data we collect as set out above varies depending on our relationship with you. In each case the purposes for which we request the information will be clear from the context in which it is acquired. These include:
- Providing our services to you or an entity for which you work;
- Verifying your identity;
- Keeping a record of the services you have subscribed to and deliver services you may have requested;
- Administration, billing and record-keeping purposes;
- communicating with you by telephone, email, fax or post;
- meeting our legal, regulatory and contractual obligations arising from any our relationship with you (for example under anti-money laundering legislation);
- providing and improving customer service and support;
- where necessary in the legitimate interests of this firm or someone else, as long as those interests take priority over your own rights in the circumstances; and
- verifying or enforcing compliance with this Notice and applicable laws.
If none of these reasons applies, we may have to ask for your specific permission.
Depending on the type of case or the advice you need, we might also need to collect or handle more sensitive or “Special Category” information about you such as trade union membership, health, religious beliefs, sex life or sexuality.
- only collect or handle this personal information if we need to so we can deal you’re your case properly;
- ask you for your specific written permission to process this type of information; and
- tell you why and how the information will be used.
If we collect personal information about you from a source other than you (unless you already have that information, the law says we can’t, or is confidential), we will tell you:
- what that information is; and
- where it has come from.
If the information is wrong or incomplete, you will be entitled to ask us to correct it (see ‘What are your rights?’ below).
If we are allowed by law, we may use your details to contact you with information about our services or legal developments we think may interest you. You can tell us at any time not to send you those messages.
If we have asked for your specific permission (consent) to have and use your personal information, you can withdraw that consent at any time by contacting the lawyer dealing with your case or by phoning us or emailing us:
Telephone 0161 237 1116
This will not affect any processing or your personal information which we have done before you withdraw your consent.
We will ask you some questions to check your identity and to allow us to note in our records that you have withdrawn your consent.
If we are processing personal information for a child under the age of 13 years, we will need the permission of the child’s parent/guardian. If the child is over 13 years, we will need the child’s permission.
Disclosure of your personal data
We will only disclose your personal information to another person or organisation where we:
- Need to share the information to provide a product or service you have requested;
- need to send the information to persons or organisations who engage us to conduct legal services on their behalf, including where you are that third party’s customer;
- need to send the information to persons or organisations that work on our behalf to provide a product or service to you such as barristers, medical practitioners and other experts. Where such a person or organisation does work on our behalf we will whenever possible share your personal information with them on a confidential basis; and
- in legal proceedings – the court and others required by law or by the rules or order of the court.
Our legal basis for using your personal data
Our use of your personal data as outlined above is subject to different legal bases for processing, including where necessary for:
- The purposes of the performance of any contract we enter into with you or to take steps at your request prior to entering into a contract with you
- our legitimate interests, for example in providing legal services to an entity you work for, managing and monitoring our website operation, preventing fraud and for our business compliance purposes;
- compliance with our legal and regulatory responsibilities.
If you do not agree to provide your personal data to us we may not be able to provide you with legal services or process your application for other services or employment. Where our use of your data is not necessary for one of the purposes outlined above we may use it in a particular way with your consent (for example if you have registered to attend an event we are hosting or to receive legal updates). Where we ask for your consent you are free to refuse our use of your personal data for those purposes and you may withdraw your consent at any time by contacting us using the details set out below. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.
Transferring your information to another country
The personal information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or one of our suppliers or in circumstances where your instruction has international considerations and/or parties related to your matter are located overseas. Before we transfer your personal data outside the EEA we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place in order to protect your personal data, as required by the Act and Chapter V of the GDPR. Please contact us if you wish to obtain more information regarding relevant safeguards. By submitting your personal information you agree to this transfer, storing or processing outside the EEA.
How long do we keep your information?
We will retain your personal information for different time periods, depending on the nature of the case and the purpose(s) for which it was collected; for a minimum of six years and so long as is reasonably necessary for the purpose for which it was obtained and in accordance with our legal obligations and to follow our data destruction policy and processes thereafter.
What are your rights?
As a ‘data subject’ your personal information is protected under data protection law and you have a number of rights (see below) which you can seek to exercise. Please contact us in writing, by email or telephone using the details shown under ‘Contact and Complaints’ below if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances.
- Right of access – subject to certain exceptions, you have the right to ask for a copy of the personal data that we hold about you.
- Right to rectify your personal information – if you discover that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected).
- Right to be forgotten – you may ask us to delete information we hold about you in certain circumstances. This right is not absolute and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations.
- Right to restriction of processing – in certain circumstances, you might be able to restrict how we process your information. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified.
- Right to object to processing – you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of statistical analysis.
- Right of portability – if we hold certain types of personal information about you, you may have the right to have it transferred to another organisation.
- Right to object – you have the right to object to certain types of processing, such as direct marketing.
- Right to object to important decisions being made about you, or anything about you being evaluated, by an automated process without human involvement
We will also send all of the above requests to anyone else we have shared your information with, and we will always try to respond to you within one month of receiving your request.
How you can complain
If you want to make a complaint about how we are processing your personal information, or you are not satisfied with how we have handled your complaint, you can raise the matter direct with our Information Officer, or with the ICO.
Eden & Co Information Officer: Robert Greenwood
Eden & Co Solicitors
26 Oxford Court
Information Commissioner’s Office
Telephone: 0303 123 1113 or 01625 545 745