Skip to: main navigation | main content | sitemap | accessibility page
Version 2.1, November 2018 (See list of changes to this policy)
If you prefer, you can download a copy of this policy in PDF format. Large format and braille versions can be provided on request.
This policy does not apply to visitors to our website, who should read our Privacy & Cookies Policy instead.
Who we are
The personal data we process about you
How we process particularly sensitive personal data
Our obligations in relation to your personal data
Where your personal data are stored
How we keep your personal data secure
How long we keep your personal data for
Who we share your personal data with
Call recording and monitoring
Changes to this policy
Questions, comments and feedback
Gregg Latchams (we/us/our) processes personal data relating to various groups of individuals in its capacity as a “controller”. This policy sets out the information that we are required to provide to you in accordance with our obligations under data protection law, in particular, the General Data Protection Regulation (GDPR).
As a firm that is authorised and regulated by the Solicitors Regulation Authority (SRA), we are not required to provide information about how we process personal data that has been obtained about you in the course of advising and representing our clients. You can read more about these Exemptions below.
Our Compliance Manager is responsible for overseeing compliance with our data protection obligations and our Compliance Officer for Legal Practice (COLP) oversees compliance with our professional responsibilities under the SRA Code of Conduct.
Gregg Latchams Solicitors is the trading name of Gregg Latchams Limited (registered in England and Wales under company number 6899567). We are authorised and regulated by the SRA (SRA number 607476) and registered as a controller with the Information Commissioner’s Office (ICO) (registration number ZA047393).
We may provide trustee and executor services through the following associated companies:
To help you find the information that is most relevant to you, we have separated the personal data we process into the following groups of individuals:
Within each group, you will find further information about the types of personal data we process; the source of the personal data; the purpose(s) for which we process the personal data; the legal basis that applies to each purpose; the period we shall retain the personal data for (or how it is calculated); and the categories of recipients who may have access to the personal data.
The information that can be accessed from the above links identifies where we may process special categories of personal data about you, which includes: personal data revealing racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; data concerning health; or sex life or sexual orientation and personal data relating to criminal convictions or offences.
Where we process these types of personal data, we must have a further lawful ground for doing so, notably to: provide legal advice; establish, exercise or defend a legal claim; protect your vital interests or those of another person; and the prevention or detection of unlawful acts including fraud or money laundering.
We shall comply with our obligations under data protection law, including the GDPR, in relation to the processing of your personal data, which requires us to ensure that the personal data we process about you are:
It is important you keep us informed of any changes to the personal data we hold about you.
Unless you are a client based outside the European Economic Area (EEA), in most circumstances your personal data will be stored on our own servers in the UK or the servers of our third party service providers in the EEA.
We use Campaign Monitor for our email marketing, whose servers are based in the USA.
Where any personal data are to be transferred outside the EEA, we shall ensure they are processed in line with data protection law in the UK and EU. However where such safeguards cannot be provided, we may transfer your personal data outside the EEA where:
We have entered into written agreements with all third parties that process personal data on our behalf, requiring them to keep your data secure in accordance with GDPR principles.
In accordance with our obligations under data protection law, we have:
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a suspected personal data breach where we are legally required to do so.
We shall only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, regulatory, accounting or reporting requirements. To determine how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was processed and the potential risk of harm from us continuing to keep it. You can read more about our retention periods by clicking the link relevant to you in The personal data we process about you section above.
You can read more about the categories of recipients who we may disclosure or share your personal data to in The personal data we process about you section above.
As a firm of solicitors that is authorised and regulated by the SRA and accredited by Lexcel (the Law Society’s legal practice quality mark), we may be required to provide the SRA, Legal Ombudsman or our Lexcel assessors with access to client files in relation to audits and investigations.
We will not share your personal data with any third party for direct marketing purposes unless you have given your consent to receiving direct marketing from a specific third party, for example, an organisation that has co-hosted an event with us.
We do not routinely share personal data with any of our group companies, which operate as separate businesses. However where you wish to engage the services of one of our group companies, we will share such personal data as is necessary for that purpose. Once you have engaged any of our group companies, they will be responsible for processing your personal data in accordance with their obligations as a ‘controller’ under data protection law.
We are not required to provide you with information about the processing of personal data that has been obtained about you from another person and which is subject to legal professional privilege and/or our obligation to maintain the confidentiality of such personal data in accordance with our professional obligations as a firm of solicitors. We are required to have regard to a set of mandatory principles and to comply with a code of conduct approved by the SRA.
We are further exempt from the requirement to provide you with information about disclosures of personal data to us or by us which are:
Other exemptions may apply to specific matters on which we advise our clients, including:
Unless you expressly agree otherwise, we will only send you marketing information by email about our own products, services and events where, if legally required to do so, you have consented to receiving those emails and have not opted-out at any time.
We have linked Campaign Monitor to Google Analytics so that we can identify traffic to our website from links contained in our email marketing campaigns.
You can manage your email marketing preferences by clicking the relevant link in the footer of each email we send or by emailing firstname.lastname@example.org.
We do not routinely record calls. However if we wish to record a call (for example, to ensure that we have a detailed record of your instructions or any other communications relating to your matter), you will be notified of this in advance and given an opportunity to object.
To the extent permitted by law, we may monitor electronic communications for the purposes of ensuring compliance with our legal and regulatory obligations and internal policies. This processing is necessary for the legitimate interest of monitoring compliance with our business and compliance obligations.
You have a number of rights in relation to the personal data we hold about you:
Some of the above rights only apply in certain circumstances and may be subject to certain Exemptions.
You will not have to pay any fee to exercise any of the above rights, though we may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, we will let you know.
To protect the confidentiality of your personal data we may ask you to verify your identity before fulfilling any request in relation to your personal data.
To exercise any of the above rights, you should contact us calling 0117 906 9400 and asking to speak to our Compliance Manager or emailing email@example.com.
If you have any concerns about how we have processed your personal data, you have the right to complain to the ICO. Please see the ICO’s website for further information.
We may make changes to this policy to reflect changes in our data processing practices. You are advised to review this policy regularly. However where we make any material changes to this policy, we will take steps to draw this to your attention beforehand.
If you have any questions or comments regarding this policy, please call 0117 906 9400 and ask to speak to our Compliance Manager or email firstname.lastname@example.org.