The third Wednesday in August (21 st August 2019) is Injury Prevention Day, when APIL...
We take your privacy very seriously and we ask that you read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
Andrew & Co LLP collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
In the course of providing legal services we collect the following personal information when you provide it to us:
Clients and prospective clients
Name, address, telephone number, date of birth, email, information provided in relation to the particular transaction on which the client has instructed us. This may, depending on the type of matter on which we have been instructed include sensitive personal information.
We use information provided by clients to:
- Provide quotations or estimates for legal services.Act and advise on the matters on which we are instructed;Comply with our duties in relation to the Proceeds of Crime Act 2002 (POCA), the Terrorism Act 2000 and the Fraud Act 2006; and With the consent of clients, provide the clients with information about other services provided by us and seminars and events in which are involved.
Our basis for processing information provided by clients and prospective clients is usually contractual, but may also be to fulfil our legal obligations.
There are a number of circumstances in which we may have personal information relating to people who are not our clients. Our basis for processing this information is to fulfil our own or our clients' legitimate interests.
- Families of clients and beneficiaries of clients
In matters where we are instructed to draft wills for clients, to act or advise in relation to an estate or to advise in relation to family matters we may be provided with names, addresses, telephone numbers, dates of birth, email, financial information. There may be circumstances relevant to the advice which we are providing when we are provided with sensitive personal information of all types.
We use the information to advise clients in relation to the effective estate planning, to draw up wills and trust documents, and advise clients on their rights and responsibilities in relation to family members. Information may be passed to other professional advisers of our clients in relation to the transaction in which we are instructed.
- Employees, staff and consultants of clients
Where advising commercial clients in matters relating to their businesses and employment duties we may be provided with the names, addresses, dates of birth, financial information of their employees, staff and consultants. Where we are advising on duties as an employer there may be circumstances in which we are provided with sensitive personal information of all types.
We use the information to advise clients on their rights, duties and responsibilities as employers.
- Other parties in a dispute
In matters where we are advising or acting on a dispute between our client and third parties we may be provided with names, addresses, telephone numbers, dates of birth, email, financial information. There may be circumstances relevant to the advice which we are providing when we are provided with sensitive personal information of all types.
We use the information to advise clients on their rights, duties and responsibilities in relation to defending or pursuing claims, and in relation to enforcement of claims and to contact parties in a dispute.
- Tenants, landlords, assignees and sellers or purchasers
Where acting or advising on sales, purchases and leases of properties, assets and businesses we may be provided with names, addresses, telephone numbers, email addresses and sometimes financial information of other parties relating to the transaction.
We use the information to contact other parties in a transaction and to draw up the relevant documents to the transaction. Information may also be provided to us as part of the due diligence supplied to a buyer or seller of a company or business.
- Professional advisers of clients
We may be provided with the names, addresses, telephone numbers and email addresses of the professional advisers of our client or third parties in a matter on which we are acting.
We use the information to contact the professional advisers of our clients.
- Trustees of clients
We may be provided with the names, addresses, telephone numbers and email addresses of the trustees of our clients. Identification provided for compliance with Anti-money laundering regulations may contain financial information.
We use the information to advise client trusts, to draw up trust documents, and to comply with our duties in relation to the Proceeds of Crime Act 2002 (POCA), the Terrorism Act 2000 and the Fraud Act 2006.
- Directors and shareholders of clients
We may be provided with the names, addresses, telephone numbers and email addresses of the directors and shareholders of our clients. Identification provided for compliance with Anti-money laundering regulations may contain financial information.
We use the information to advise our corporate clients on transactions and their rights and responsibilities, to contact the individuals with whom we are dealing in corporate clients, to draft documentation on transactions in which we are instructed and to comply with our duties in relation to the Proceeds of Crime Act 2002 (POCA), the Terrorism Act 2000 and the Fraud Act 2006.
- Visitors to our offices
We collect names of those visiting our offices
- Visitors to our website
A separate policy relating to cookies on our website is published on the website.
- Job applicants and our current and former employees
The privacy notice is contained in our HR manual
Information collected from other sources
We also obtain personal information from other sources as follows:
- As part of our due diligence exercise in relation to anti-money laundering procedures we carry out a electronic search with Smartcredit Limited;From third parties acting for clients or other parties in a matter in which we are or may be instructed;Our credit control procedures on behalf of ourselves and dispute resolution procedures may involve our instructing inquiry agents to obtain information to trace individuals.
Who we share your personal information with
There are some organisations with whom we routinely share information and who are therefore data processors on our behalf:-
- Our electronic files and accounting system are held on a Citrix site hosted by our IT providers, Nasstar Group Limited;Our accounting and case management system, Liberate, is provided by Linetime Limited who may be granted access from time to time for maintenance and updates of the system;Archiving of physical hard copy files is carried out for us by Lincolnshire Archiving;Our accountants and Solicitors Accounts auditors have access to electronic and hard copy files for the purposes of verifying we are compliant with the Solicitors Accounts Rules;Our insurers, QBE, or professional advisers on their behalf may require access to client files for considering and negotiating in relation to a claim;In relation to a specific transaction for a client we may be instructed by the client to share personal information with other parties such as solicitors, professional advisers for the client or for other parties to a transaction, banks, mortgage advisers, estate agents and HMRC. We will agree with the client what personal information may be shared, and with whom.
We will share personal information with law enforcement or other authorities if required by applicable law.
How long your personal data will be kept
- Our file retention period for client files is set out in the annexure (Click the link to download). Clients may request their files from us at any time. Hard copy files are either destroyed at the end of the retention period or returned to the client
- Information relating to suppliers and their staff contacts is kept for the duration of the contract plus one year
- CCTV 14 days
- Accident book – in respect of staff 6 years after the member of staff has left, otherwise 4 years for an adult and, in respect of a child, until the child is 21
- Visitor books are destroyed when the book is full
- Contact details provided to us by you for business development purposes – retained unless you ask us to delete it or have not attended an event for one year
- Copies of publicity following an event or transaction published with consent – three years
Transfer of your information out of the EEA
We may transfer your personal information to the following which are located outside the European Economic Area (EEA) as follows:
- if transferring to you;if in accordance with the General Data Protection Regulations, which among other matters allow for this if you give informed consent and if necessary for the establishment, exercise or defence of legal claims.
We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your personal informationaccess to your personal information and to certain other supplementary information that this Privacy Notice is already designed to addressrequire us to correct any mistakes in your information which we holdrequire the erasure of personal information concerning you in certain situationsreceive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situationsobject at any time to processing of personal information concerning you for direct marketingobject to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect youobject in certain other situations to our continued processing of your personal informationotherwise restrict our processing of your personal information in certain circumstancesclaim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was published with effect from 14th November Version number 2
We may change this privacy notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us please contact Catriona Wheeler by sending an email to email@example.com, writing to St Swithin's Court 1 Flavian Road Lincoln LN2 4GR or call 01522 512123