Who are we?
Butler and Co Solicitors Ltd is a limited company and is a ‘controller’ for the purposes of the General Data Privacy Regulation and the Data Protection Act 2018. Frances Grice is the Data Protection Manager of the firm.
Whose data do we hold?
We may hold data about the following people:
● Employees● Clients● Suppliers and service providers● Advisers, consultants and other professional experts● Complainants and enquirers
What data will we collect?
We will only collect information from you that is relevant to the matter that we are dealing with. In particular we may collect the following information from you which is defined as ‘personal data’:
● Personal details● Family, lifestyle and social circumstances● Financial details● Business activities of the person whose details we are processing
Special categories
We may also collect information that is referred to as being in a ‘special category’. This could include:
● Physical or mental health details● Racial or ethnic origin● Religious beliefs or other beliefs of a similar nature● Criminal convictions● Sexual orientation
Basis for processing
The basis on which we process your personal data is one or more of the following:
● It is necessary for us to undertake work to represent our clients● It is necessary for us to comply with a legal obligation● It is in our legitimate interests to do so● We have been given consent (this can be withdrawn at any time by advising our data protection officer)
How will we use your data?
We may use your information for the following purposes:
● Provision of legal services including advising and acting on behalf of clients● Maintaining accounts and records● Supporting and managing staff
Who will we share information with?
Under our Code of Conduct there are very strict rules about who we can share information with and this will normally be limited to employees and other people who will assist with cases. This may include:
● Staff● Barristers● Medical experts● Healthcare professionals, social and welfare organisations● Courts and tribunals
Where we are authorised we may also disclose information to client’s family, associates or representatives.
How long will we keep information for?
We will normally keep information throughout the period of time that we do work for clients and afterwards for a period of six years as we are required to do by law and also by the regulations that apply to us.
In some cases (for example if a client or any party to or subject of the proceedings is under the age of 18 years) we may retain information for a longer period and we will advise of this at the time.
More information is set out in our data retention policy.
Security arrangements
We shall ensure that all the information provided to us is kept secure using appropriate technical and organisational measures.
We are subject to Lexcel which is the Law Society’s Standard for excellence in practice management and client care and data will be kept in accordance with that standard
In the event of a personal data breach we have in place procedures to ensure that the effects of such a breach are minimised and shall liaise with the ICO and with those affected as appropriate.
What rights do clients have?
Under the GDPR subjects whose data we hold have the following rights:
● Right to be informed● Right of access● Right to rectification● Right to erasure● Right to restriction of processing● Right to data portability● Right to object
Right of access
Clients and staff have a right to see the information we hold about them
To access this they need to provide a request in writing to our data protection officer, together with proof of identity.
We will usually process a request free of charge and within 30 days, however we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex.
Full details are available in our data subject access policy which is available on request from the data protection officer.
Right to erasure
Subjects have a right to ask us to erase their personal data in certain cases (details may be found in Article 17 of the GDPR).
We will deal with such a request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend legal claims.
To exercise the right to erasure the subject should contact our data protection officer.
Who can subjects complain to?
If anyone is unhappy about how we are using their information or how we have responded to a request then initially they should contact the data protection officer Michael Butler, Butler & Co Solicitors Ltd, 5 Heron Gate, Hankridge Way, Taunton, TA1 2LR.
If their complaint remains unresolved then they can contact the Information Commissioner’s Office, details available at www.ico.org.uk