Lester Aldridge LLP (LA) is a firm of solicitors offering a wide range of legal services to its clients. It is a limited liability partnership with registered number OC321318 and its registered office is Russell House, Oxford Road, Bournemouth BH8 8EX.
In order to provide our services, we need to use and keep personal data about our clients and third parties that are connected to our clients’ matters. We are required to provide information about how we will use personal data, the safeguards to ensure that the personal data will not be used or shared inappropriately and an individual’s rights in respect of their personal data.
Please also see a copy of our data protection policy, which gives more information about how we look after personal data.
Any organisation that holds personal data and decides how it should be used is a controller. An organisation that holds personal data but processes it only in accordance with documented instructions from a controller is a processor. In almost all cases, LA will be a controller because we have to decide how to use the data to progress the matter about which our clients have instructed us.
In some circumstances, LA may be a processor in relation to the personal data that is provided. We will identify this in our letter of engagement and enter into the appropriate form of agreement with the client.
LA is the controller. LA has appointed a Data Protection Officer to oversee compliance with data protection. The Data Protection Officer is Catherine Tree. Any enquiries about the personal data that we hold should be addressed to Data Protection Officer, Lester Aldridge LLP, Russell House, Oxford Road, Bournemouth BH8 8EX or by email at dpo@LA-law.com.
We might hold your personal data for the following reasons:
- because you have made an enquiry with us;
- because you are a client for the provision of legal services and advice
- because you are a point of contact/Director (third parties) of a Corporate client who has engaged us to provide legal services and advice;
- for administrative reasons to enable us to provide our services;
- because your data has been passed to us by a client or we have interacted with you as a result of our client’s matter (third parties);
- because you are providing expert advice or opinions or services in connection with our clients’ matters or otherwise (experts);
- because you are a contractor or supplier of services to us;
- for security reasons, if you have visited our premises;
- for security reasons, including our system security;
- for our marketing, publications, webinars and events, and to understand how visitors to our website interact with it. (Please see our Privacy and Cookies statement and our website Terms & Conditions);
- to meet our legal and regulatory duties, including our duties to know our clients and protect against money laundering;
- because contact has been made to us for recruitment and/or work placement opportunities.
How we collect this information
We mainly collect information direct from you when you contact us, visit us, enter into a contract with us or are referred to us by a third party. We receive third party data from our clients and in the course of dealing with our client’s matter.
The Legal Basis for the Processing
The collection, use, sharing and storage of personal data are all termed “processing”. There must be a legal basis for any processing, which we have set out below.
|The Purpose of the Processing||The Legal Basis for the Processing|
|If you are a client, we will require proof of your identity to satisfy the requirements of the Money Laundering Regulations 2017.||Proof of your identity is necessary to comply with a legal obligation upon us.|
|If you are a client, we will use electronic identification and verification (EIDV) software tools to verify your identity and undertake regulatory screening. We will use the EIDV tool to perform ongoing monitoring where required.||It is in our legitimate interests to use an EIDV tool as this is a far more reliable and robust way for us to meet our strict regulatory obligations.|
|If you are a client, we will require personal data in order to discuss the legal advice and services that you require and to provide legal advice and services in accordance with the letter of engagement between us. We will also need your personal data for the administration of your account with us and to enable us to perform conflict of interest checks within our client database.||The data is necessary to perform the contract for legal advice and services between us, constituted by the letter of engagement, or to take steps prior to writing the letter of engagement.|
|If you are a client or a third party on our client’s matter, it may be necessary to process special category data in order to provide legal advice and services to you. Special category data includes data about racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health records or information about a person’s sex life or sexual orientation.||We will process special category data where:|
(a) the processing is necessary for the establishment, exercise or defence of legal claims
(b) you explicitly consent to the processing
|We will store the files or a copy of the files relating to a client’s matter.||It is in our legitimate interests to retain files or a copy of files in order to deal with any queries that may arise after a matter has been completed.|
|Personal data may be collected on our CCTV system if you visit our offices and recorded in our visitor book at reception. If we occupy offices that have a centralised room booking system, your name may be recorded in that system||It is in our legitimate interests to maintain the security of our premises.|
|We may use your name, address, email address and telephone numbers for marketing purposes.||We will only use your name, address, email address and telephone numbers for marketing purposes if we have your consent to do so.|
|We may use a third-party name, address and contact information supplied by clients (or other parties) when we carry out our client’s instructions.||It is in our client’s legitimate interests that the personal data of other parties or third parties to the client’s matter be processed.|
|We may use a third party’s name and address supplied by a client to carry out conflict of interest checks within our client database.||It is in our legitimate interests that the personal data be processed to check for any conflicts of interest.|
|We hold expert names, addresses, contact data and areas of expertise, which we refer to when we engage experts whilst we carry out our client’s instructions||It is in our legitimate interests that we hold data of experts to refer to for selection of appropriate skills for our client’s requirements.|
The data is necessary to engage the expert and enter into a contract for services with the expert.
|We may need proof of identity of third parties before we release information or funds or to satisfy the requirements of the Money Laundering Regulations 2017. We may use electronic identification and verification (EIDV) software tools to verify your identity.||It is in our or our client’s legitimate interests that the personal data be collected and verified before we release information.|
Proof of your identity is necessary to comply with a legal obligation upon us.
|We may need to use data to comply with audit and statutory regulations.||The processing is necessary for compliance with a legal obligation to which we are subject.|
It is in our legitimate interest to comply with the requirements of audits.
|We hold applicant information for recruitment vacancies.||The data is necessary to consider the application for employment prior to making any offer of employment.|
You consent to us having the data.
Recipients of Your Personal Data:
We may need to provide personal data to other people in order to provide legal advice and services to our clients. The recipients of such data may include:
- the other party(ies) involved in the matter and their legal advisers;
- the Court;
- expert witnesses;
- other professionals acting on our client’s behalf such as accountant, surveyor, financial adviser, costs draftsmen or lawyers in other jurisdictions.
We are subject to professional obligations of confidentiality and will always discuss and agree any disclosure of personal data with our client unless we are obliged to disclose it by law. Where appropriate, with experts, we will enter into a Data Sharing Agreement with them to ensure that the data is protected.
We may use external service providers for IT, fileshare and communication services. All our external service providers are required to take appropriate security measures to protect your data.
In most cases, there will be no need to transfer your Personal Data to a country outside the UK.
If there is a need to transfer your Personal Data outside the UK, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- The country has been deemed to provide an adequate level of protection for Personal Data by the UK;
- We may use specific contracts approved by us in the UK which give Personal Data the same protection that it has in Europe;
- We adopt safeguard mechanisms to protect the data, e.g. use encryption, put in place standard contractual clauses.
If there are no appropriate safeguards in place, we may transfer data outside the UK where the transfer is necessary for:
- the performance of the contract between us for the provision of legal services or advice, or for taking steps, at your request, prior to entering into such a contract;
- the conclusion or performance of a contract concluded in your interest between us and someone else; or
- the transfer is necessary for the establishment, exercise or defence of legal claims.
- you explicitly consent to the transfer
How Long Will Your Data be Kept?
Client matter data will be kept until the completion of the matter for which it was collected. Once the matter has been completed we will keep our files and that data for as long as is necessary to fulfil the purposes of satisfying any legal, accounting or regulatory requirements and, where necessary, as long as is required for us to assert or defend legal claims. In most instances, client matter data will be retained by us for a period of between 7 years and 15 years. In matters where a child is involved, or that relate to wills, the period may be much longer. The appropriate period differs for different types of matters, and we will inform our client of the period for which we will keep their file in a letter or email when we close their file.
Recruitment applications will be retained for seven months by our HR Team.
CCTV images are kept for 30 days, at which point they are overwritten unless there has been a security incident in which case the images will be kept until such time as the incident has been investigated and any necessary action has been taken.
Visitor information in our visitor book is kept for a 2-year period.
We will keep any data that we hold for marketing purposes whilst we have your consent to do so.
If we ask for your consent to use your personal data for marketing purposes, you have the right to withdraw your consent at any time. The form of consent and a subsequent marketing communication will tell you how to withdraw your consent. In addition, you can withdraw consent by email to dpo@LA-law.com.
The withdrawal of consent will not affect our provision of legal advice and services in any way.
Other Rights in Relation to Your Personal Data
Under certain circumstances, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on our legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by writing to Data Protection Officer, Russell House, Oxford Road, Bournemouth BH8 8EX or by email to dpo@LA-law.com.
Prior to actioning your request, we may ask you to validate your identity and we will only carry out any request by you when we are satisfied that we have validated your identity appropriately.
If you are dissatisfied with the way in which we have dealt with your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Telephone number: 0303 123 1113.
Website address: https://ico/org.uk