Lester Aldridge LLP (LA) is a firm of solicitors offering a wide range of legal services to its clients. It is a limited liability partnership with registered number OC321318 and its registered office is Russell House, Oxford Road, Bournemouth BH8 8EX.
In order to provide our services, we need to use and keep personal data about our clients. We are required to provide you with information about how we will use your data, the safeguards to ensure that your data will not be used or shared inappropriately and your rights in respect of your personal data.
We will provide you with a copy of our data protection policy, which gives more information about how we look after your personal data, on request.
Any organisation that holds personal data and decides how it should be used is a Data Controller. An organisation that holds personal data but processes it only in accordance with documented instructions from a data controller is a data processor. In almost all cases, LA will be a Data Controller because we have to decide how to use the data to progress the matter about which you have instructed us.
In some exceptional circumstances, LA may be a data processor in relation to the personal data that you provide. We will identify this in our letter of engagement and enter into the appropriate form of agreement with you.
LA is the data controller. Any enquiries about the personal data that we hold should be addressed to Head of IT, Lester Aldridge LLP, Russell House, Oxford Road, Bournemouth BH8 8EX or by email at dc@LA-law.com.
LA has appointed a data protection officer to oversee compliance with data protection. The data protection officer is Catherine Tree, who can be contacted at Lester Aldridge LLP, Russell House, Oxford Road, Bournemouth BH8 8EX or by email at dpo@LA-law.com.
The Legal Basis for the Processing
The collection, use, sharing and storage of personal data are all termed “processing”. There must be a legal basis for any processing, which we are required to explain to you.
|The Purpose of the Processing||The Legal Basis for the Processing|
|We will require proof of your identity to satisfy the requirements of the Money Laundering Regulations 2017.||Proof of your identity is necessary to comply with a legal obligation upon us.|
|We will require personal data in order to discuss the legal advice and services that you require, and to provide legal advice and services in accordance with the letter of engagement between us. We will also need your personal data for the administration of your account with us.||The data is necessary to perform the contract for legal advice and services between us, constituted by the letter of engagement, or to take steps prior to writing the letter of engagement.|
|It may be necessary to process special category data in order to provide legal advice and services to you. Special category data includes data about racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health records or information about a person’s sex life or sexual orientation.||We will process special category data where:|
(a) it is necessary to perform the contract for legal advice and services between us, constituted by the letter of engagement, or to take steps prior to writing the letter of engagement; and
(b) the processing is necessary for the establishment, exercise or defence of legal claims.
|We will store the files or a copy of the files relating to your matter.||It is in our legitimate interests to retain files or a copy of files in order to deal with any queries that may arise after a matter has been completed.|
|Personal data may be collected on our CCTV system and recorded in our visitor book at reception.||It is in our legitimate interests to maintain the security of our premises.|
|We may use your name, address, email address and telephone numbers for marketing purposes.||We will only use your name, address, email address and telephone numbers for marketing purposes if we have your consent to do so.|
Recipients of Your Personal Data:
We may need to provide personal data to other people in order to provide legal advice and services to you. The recipients of such data may include:
- the other party(ies) involved in the matter and their legal advisers;
- expert witnesses; or
- other professionals acting on your behalf such as your accountant, surveyor, financial adviser or lawyers in other jurisdictions.
We are subject to professional obligations of confidentiality and will always discuss and agree any disclosure of personal data with you unless we are obliged to disclose it by law.
In most cases, there will be no need to transfer your Personal Data to a country outside the European Economic Area (EEA).
If there is a need to transfer your Personal Data outside the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- the country has been deemed to provide an adequate level of protection for Personal Data by the European Commission;
- we may use specific contracts approved by the European Commission which give Personal Data the same protection that it has in Europe;
- where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to Personal Data shared between Europe and the US.
If there are no appropriate safeguards in place, we may transfer data outside the EAA where the transfer is necessary for:
- the performance of the contract between us for the provision of legal services or advice, or for taking steps, at your request, prior to entering into such a contract;
- the conclusion or performance of a contract concluded in your interest between us and someone else; or
- the transfer is necessary for the establishment, exercise or defence of legal claims.
How Long Will Your Data be Kept?
We will keep your data until the completion of the matter for which it was collected. Once the matter has been completed we will keep our files and your data for as long as is necessary to fulfil the purposes of satisfying any legal, accounting or regulatory requirements and, where necessary, as long as is required for us to assert or defend legal claims. In most instances, your data will be retained by us for a period of between 6 years and 15 years. In matters where a child is involved, or that relate to wills, the period may be much longer. The appropriate period differs for different types of matters and we will inform you of the period for which we will keep your file in a letter or email to you when we close your file.
CCTV images are kept for 30 days, at which point they are overwritten unless there has been a security incident in which case the images will be kept until such time as the incident has been investigated and any necessary action has been taken.
We will keep any data that we hold for marketing purposes whilst we have your consent to do so.
If we ask for your consent to use your personal data for marketing purposes, you have the right to withdraw your consent at any time. The form of consent and subsequent marketing communications will tell you how to withdraw your consent. In addition, you can withdraw consent by email to dc@LA-law.com.
The withdrawal of consent will not affect our provision of legal advice and services to you in any way.
Other Rights in Relation to Your Personal Data
Under certain circumstances, you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on our legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request the erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us by writing to Head of IT, Russell House, Oxford Road, Bournemouth BH8 8EX or by email to dc@LA-law.com.
If you are dissatisfied with the way in which we have dealt with your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Telephone number: 0303 123 1113.