Skip to: main navigation | main content | sitemap | accessibility page

 
 
 
 
 
 

    Personal Data Processing Policy

    Version 2.1, November 2018 (See list of changes to this policy)

    If you prefer, you can download a copy of this policy in PDF format. Large format and braille versions can be provided on request.

    This policy does not apply to visitors to our website, who should read our Privacy & Cookies Policy instead.


    Contents

    Introduction
    Who we are
    The personal data we process about you
    How we process particularly sensitive personal data
    Our obligations in relation to your personal data
    Where your personal data are stored
    How we keep your personal data secure
    How long we keep your personal data for
    Who we share your personal data with
    Exemptions
    Marketing
    Call recording and monitoring
    Your rights
    Changes to this policy
    Questions, comments and feedback


    Introduction

    Gregg Latchams (we/us/our) processes personal data relating to various groups of individuals in its capacity as a “controller”. This policy sets out the information that we are required to provide to you in accordance with our obligations under data protection law, in particular, the General Data Protection Regulation (GDPR).

    As a firm that is authorised and regulated by the Solicitors Regulation Authority (SRA), we are not required to provide information about how we process personal data that has been obtained about you in the course of advising and representing our clients. You can read more about these Exemptions below.

    Our Compliance Manager is responsible for overseeing compliance with our data protection obligations and our Compliance Officer for Legal Practice (COLP) oversees compliance with our professional responsibilities under the SRA Code of Conduct.

    Who we are

    Gregg Latchams Solicitors is the trading name of Gregg Latchams Limited (registered in England and Wales under company number 6899567). We are authorised and regulated by the SRA (SRA number 607476) and registered as a controller with the Information Commissioner’s Office (ICO) (registration number ZA047393).

    We may provide trustee and executor services through the following associated companies:

    • Avon Executor and Trustee Company Limited (registered in England and Wales under company number 523164 and registered as a controller with the ICO under number ZA369250
    • Gregg Latchams WRH Executor & Trustee Company (registered in England and Wales under company number 2770215and registered as a controller with the ICO under number ZA369345

    The personal data we process about you

    To help you find the information that is most relevant to you, we have separated the personal data we process into the following groups of individuals:

    Within each group, you will find further information about the types of personal data we process; the source of the personal data; the purpose(s) for which we process the personal data; the legal basis that applies to each purpose; the period we shall retain the personal data for (or how it is calculated); and the categories of recipients who may have access to the personal data.

    How we process particularly sensitive personal data

    The information that can be accessed from the above links identifies where we may process special categories of personal data about you, which includes: personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; data concerning health; or sex life or sexual orientation and personal data relating to criminal convictions or offences.

    Where we process these types of personal data, we must have a further lawful ground for doing so, notably to: provide legal advice; establish, exercise or defend a legal claim; protect your vital interests or those of another person; and the prevention or detection of unlawful acts including fraud or money laundering.

    Our obligations in relation to your personal data

    We shall comply with our obligations under data protection law, including the GDPR, in relation to the processing of your personal data, which requires us to ensure that the personal data we process about you are:

    1. Used lawfully, fairly and in a transparent way
    2. Collected only for valid purposes that we have clearly told you about and not used for any other purposes that are not compatible with those purposes
    3. Relevant and limited to what is necessary for the purposes we have told you about
    4. Accurate and kept up-to-date
    5. Kept only as long as necessary for the purposes we have told you about
    6. Kept secure

    It is important you keep us informed of any changes to the personal data we hold about you.

    Where your personal data are stored

    Unless you are a client based outside the European Economic Area (EEA), in most circumstances your personal data will be stored on our own servers in the UK or the servers of our third party service providers in the EEA.

    We use Campaign Monitor for our email marketing, whose servers are based in the USA.

    Where any personal data are to be transferred outside the EEA, we shall ensure they are processed in line with data protection law in the UK and EU. However where such safeguards cannot be provided, we may transfer your personal data outside the EEA where:

    • necessary to enter into or perform a contract with you or a third party where the contract is in your interests
    • necessary for the establishment, exercise or defence of legal claims
    • you have given your explicit consent to the transfer
    • the transfer is of a limited nature and is necessary for the purpose of our compelling legitimate interests

    We have entered into written agreements with all third parties that process personal data on our behalf, requiring them to keep your data secure in accordance with GDPR principles.

    How we keep your personal data secure

    In accordance with our obligations under data protection law, we have:

    • implemented policies and procedures for the processing of personal data within the firm
    • put in place appropriate measures to prevent your personal data from being accidentally lost, used or access in any unauthorised way, altered or disclosed
    • put in place appropriate measures to limit access to those of our staff who need to have access to your personal data
    • entered into contracts with all of our employees, agents, consultants and sub-contractors containing confidentiality obligations
    • implemented a regular data protection training programme for our staff

    We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a suspected personal data breach where we are legally required to do so.

    How long we keep your personal data for

    We shall only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, regulatory, accounting or reporting requirements. To determine how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was processed and the potential risk of harm from us continuing to keep it. You can read more about our retention periods by clicking the link relevant to you in The personal data we process about you section above.

    Who we share your personal data with

    You can read more about the categories of recipients who we may disclosure or share your personal data to in The personal data we process about you section above.

    As a firm of solicitors that is authorised and regulated by the SRA and accredited by Lexcel (the Law Society’s legal practice quality mark), we may be required to provide the SRA, Legal Ombudsman or our Lexcel assessors with access to client files in relation to audits and investigations.

    We will not share your personal data with any third party for direct marketing purposes unless you have given your consent to receiving direct marketing from a specific third party, for example, an organisation that has co-hosted an event with us.

    We do not routinely share personal data with any of our group companies, which operate as separate businesses. However where you wish to engage the services of one of our group companies, we will share such personal data as is necessary for that purpose. Once you have engaged any of our group companies, they will be responsible for processing your personal data in accordance with their obligations as a ‘controller’ under data protection law.

    Exemptions

    We are not required to provide you with information about the processing of personal data that has been obtained about you from another person and which is subject to legal professional privilege and/or our obligation to maintain the confidentiality of such personal data in accordance with our professional obligations as a firm of solicitors. We are required to have regard to a set of mandatory principles and to comply with a code of conduct approved by the SRA.

    We are further exempt from the requirement to provide you with information about disclosures of personal data to us or by us which are:

    • required by any enactment, rule of law or court order
    • necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings)
    • necessary for the purpose of obtaining legal advice or otherwise establishing, exercising or defending legal rights

    Other exemptions may apply to specific matters on which we advise our clients, including:

    • negotiations between you and our client
    • matters relating to management forecasting or planning
    • certain activities relating to corporate finance

    Marketing

    Unless you expressly agree otherwise, we will only send you marketing information by email about our own products, services and events where, if legally required to do so, you have consented to receiving those emails and have not opted-out at any time.

    We use Campaign Monitor for our email marketing. Campaign Monitor includes a small file in each email called a “beacon” which allows us to see statistics including: whether you opened an email; when you opened an email; where in the world you were when you opened an email; which links you clicked; and what type of device and email product you used to view the email. This helps us to understand the relevance of our campaigns and to optimise our email templates for different devices. Campaign Monitor also uses this data on an aggregated and anonymised level for the purposes described in its Privacy Policy. Due to the way Campaign Monitor is configured, we cannot switch this tracking off unless you ask us not to track your email activity (by emailing dataprotection@gregglatchams.com) and we unsubscribe and re-subscribe you with your tracking preference recorded.

    We have linked Campaign Monitor to Google Analytics so that we can identify traffic to our website from links contained in our email marketing campaigns.

    You can manage your email marketing preferences by clicking the relevant link in the footer of each email we send or by emailing dataprotection@gregglatchams.com.

    Call recording and monitoring

    We do not routinely record calls. However if we wish to record a call (for example, to ensure that we have a detailed record of your instructions or any other communications relating to your matter), you will be notified of this in advance and given an opportunity to object.

    To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies. This processing is necessary for the legitimate interest of monitoring compliance with our business and compliance obligations.

    Your rights

    You have a number of rights in relation to the personal data we hold about you:

    • Access: You have the right to request access to and be provided with a copy of the personal data held about you together with certain information about the processing of such personal data to check that we are holding it lawfully
    • Correction: You have the right to ask us to correct any inaccurate or incomplete personal data held about you
    • Deletion: You have the right to ask us to delete or remove any personal data held about you where there is no good reason for us to continue holding it or where you have exercised your right to object
    • Restriction: You have the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it
    • Objection: You have the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your particular circumstances. You also have the right to object to our holding your personal data for direct marketing purposes
    • Portability: You have the right to receive or request that we transfer a copy of the personal data we hold about you in an electronic format where the basis of our holding such information is your consent or the performance of a contract and the information is processed by automated means

    Some of the above rights only apply in certain circumstances and may be subject to certain Exemptions.

    You will not have to pay any fee to exercise any of the above rights, though we may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, we will let you know.

    To protect the confidentiality of your personal data we may ask you to verify your identity before fulfilling any request in relation to your personal data.

    To exercise any of the above rights, you should contact us calling 0117 906 9400 and asking to speak to our Compliance Manager or emailing dataprotection@gregglatchams.com.

    If you have any concerns about how we have processed your personal data, you have the right to complain to the ICO. Please see the ICO’s website for further information.

    Changes to this policy

    We may make changes to this policy to reflect changes in our data processing practices. You are advised to review this policy regularly. However where we make any material changes to this policy, we will take steps to draw this to your attention beforehand.

    Questions, comments and feedback

    If you have any questions or comments regarding this policy, please call 0117 906 9400 and ask to speak to our Compliance Manager or email dataprotection@gregglatchams.com.

     

    To find out how we can help you or your business, get in touch.

    Give us a call:

    0117 906 9400

     
     
     
    • This field is for validation purposes and should be left unchanged.