This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Who we are
This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
For clients of this firm, you should read this notice alongside our general terms and conditions which provide further information on confidentiality, data privacy etc.
This notice does not apply to any websites that may have a link to ours.
Data is collected, processed and stored by Pirie Palmann Ltd who is the Data Controller in relation to the personal information you provide to us.
Pirie Palmann Ltd is a limited company, authorised and regulated by the Council for Licensed Conveyancers.
Pirie Palmann Ltd. is registered with the Information Commissioner’s Office under registration reference Z8978425. View our certificate. (https://ico.org.uk/ESDWebPages/Entry/Z8978425) Our Data Protection Officer is Simon Black who can be contacted by email firstname.lastname@example.org
What we need
The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. This notice is intended for clients and prospective clients only.
Under the General Data there are two types of personal data (personal information) that you may provide to us:
• Personal data: is the general information that you supply about yourself – such as your name, address, gender, date of birth & contact details.
• Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, health, criminal convictions etc.
In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks.
However some of the work we do may require us to ask for more sensitive information or you (or others) may choose to supply such sensitive information in the course of our representing you.
If you refuse to provide the personal data we ask you for we may not be able to transact your legal work on your behalf.
This is because as a regulated law firm we must abide by statutory and regulatory obligations and standards requiring us to carry out certain checks and verifications before we are permitted to undertake work on your behalf.
Sources of information
Information about you may be obtained from a number of sources; including:
• You may volunteer the information about yourself
• You may provide information relating to someone else – if you have the authority to do so
• Information may be passed to us by third parties who might (for example) include:
• Banks, building societies or other financial institutions
• Panel providers who allocate legal work to law firms
• Organisations that have referred work to us
• Identification search providers who supply the results of identity checks
Why we need it
The primary reason for asking you to provide us with your personal data, is to allow us to carry out your instructions – which will ordinarily be to represent you and carry out your legal work.
We also require your data for legitimate business interests in relation (amongst other things) to responding to complaints and allegations of negligence or misconduct.
The following are some examples, although not exhaustive, of what we may use your information for:
• Verifying your identity
• Verifying source of funds
• Communicating with you
• To establish funding of your matter or transaction
• Obtaining insurance policies on your behalf
• Processing your legal transaction including preparing deeds and documents containing your personal information
• Keeping financial records of your transactions and the transactions we make on your behalf
• Seeking advice from third parties; such as legal and non-legal experts
• Responding to any complaint or allegation of negligence against us
Who has access to it
We will not share your information with third parties for marketing purposes. We will not permit your data to be processed outside the European Economic Area.
Generally, other than as explained above, we will only use your information within Pirie Palmann Ltd. However there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:
• HM Land Registry to register a property
• HM Revenue & Customs or the Welsh Revenue Authority; e.g. for Stamp Duty or Land Transaction Tax liability
• Lawyers acting on the other side of or otherwise involved in a transaction
• Non legal experts to obtain advice or assistance (e.g. Surveyors, accountants or tax advisers)
• Translation Agencies
• Contracted Suppliers
• External auditors or our Regulator; e.g. Council for Licensed Conveyancers, the Legal Ombudsman, ICO etc.
• Banks, Building Societies or other financial institutions involved with your transaction
• Insurance Companies
• Solicitors and other advisers representing our interests in the event of a claim against us by you;
• Providers of identity verification searches
• Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
• If there is an emergency and we think you or others are at risk
In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
How do we protect your personal data
We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care, through the use of various technologies and security systems, to prevent its loss, misuse, alteration or accidental destruction in order to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
How long will your data be kept?
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
• As long as necessary to carry out your legal work
• For a minimum of 7 years from the conclusion or closure of a transaction file that relates to a property sale transaction and for a minimum of 12 years from the conclusion of closure of a transaction file that relates to a purchase transaction; for transaction files that relate to other property matters the file will be retained for a minimum of 7 years after its conclusion of closure unless there is a mortgage involved in which case this period will be a minimum of 12 years. This is because either you, or we, may need to access your case for the purpose of defending complaints or claims against us.
• Some information or matters may be kept for 16 years – such as sales or purchases of leasehold properties.
• Deeds related to unregistered property which we agree to retain may be kept indefinitely as they evidence ownership.
What are your rights?
• You are entitled to make a “Subject Access Request” (i.e. to request a copy of your personal data). Your data will be supplied to you in a portable format which will mean it will be supplied digitally in a manner that enables it to be transferred by you to another Data Controller or Data Processor. If you wish to make a request, please do so in writing addressed to our Data Protection Officer, Simon Black; or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth and other personal information.
This means that a Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.
We are often required to retain the documents themselves because they also relate to other people who also have rights to the same papers or because there is a mortgage involved and the mortgage lender has joint ownership of the documents.
• You have the right to object to this processing. Should you wish to do so please contact our Data Protection Officer Simon Black at email@example.com
• You have the right to ask us to “forget” your personal data. We may not always be able to agree to your request, if the reasons for holding it set out in this notice still apply to it. On receipt of a request to “forget” your data we will either advise you that we need to retain the data because of one of the reasons allowable under the GDPR or we will delete your personal data.
• You have the right to have your data corrected if it contains errors. Should you wish to do so please contact our Data Protection Officer Simon Black at firstname.lastname@example.org
Complaints about the use of personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Simon Black and you can contact her at email@example.com.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
How we collect personal data
The following are examples, although not exhaustive, of how we collect your personal information:
• Submitting an online enquiry about our services
• Instructing us to act for you
• Following/liking/subscribing to our social media channels
• Agree to fill in a questionnaire or survey
• Ask us a question or submit any queries or concerns you have via email or on social media channels
• When you leave a review about us on (e.g.) Trustpilot.com or Google Reviews
How we may use your details
The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:
• fraud prevention
• to provide you with the legal services for which you engage us
• direct marketing (subject to your right to opt out)
• network and information systems security
• data /analytics /enhancing, modifying or improving our services
• identifying usage trends
• Responding to complaints
• determining the effectiveness of promotional campaigns and advertising.
How we protect your personal information
We will only ever use non-sensitive personal information to target individuals with marketing materials; such as name, address, telephone, email, job description and previous buying behaviours. Sensitive information or specific details will never be used to target marketing communications. We may use personalisation to collect analytics to inform marketing and produce relevant content for marketing strategy purposes to enable us to enhance and personalise the experience of our clients.
If you do not wish us to continue to contact you in this way, you can either follow the unsubscribe instructions on any of our communications to you or by contacting our Data Protection Officer Simon Black firstname.lastname@example.org with your name and email address. Your details will be removed immediately. Once unsubscribed, you may still receive transactional emails from us regarding your legal case.
Any questions regarding this notice and our privacy practices should be sent by email to our Data Protection Officer Simon Black email@example.com