We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

• who we are,
• how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

Who we are

Gaby Hardwicke (‘we’ or ‘us’) collect, use and are responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 2018 and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

What information we collect

We collect and process personal data about you. Personal data, or personal information, means any information about an individual from which the person can be identified. It does not include data where the identity has been removed (anonymous data). The types of personal data that are processed may include:

• Individual details: name, address (including proof of address), other contact details (such as email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title  and family details including their relationship to you, details about you that are in public records, such as the Electoral Register, and information about you that is openly available on the internet, any permissions, consents or preferences that you give us (including how you want us to contact you);
• Identification details: Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number or driving licence number;
• Financial information:  Bank account or payment card details, mortgage details, income or other financial information;
• Contractual data: Details about the services we provide to you and how you use our services, or details about any potential conflicts of interest;
• Credit and anti-fraud data: Bankruptcy history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you;
• Special categories of personal data: Certain categories of personal data which have additional protection under the Data Protection Act 2018. The categories are physical or mental health condition, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation. We will usually not ask you to provide special categories of personal data unless this is needed to advise you or deal with your case or transaction (for example in personal injury claims or employment matters). If we request such information, we will explain why we are requesting it and how we intend to use it. Your consent will be necessary and you may withdraw your consent at any time. However, if you withdraw your consent, this may impact our ability to provide you with legal services;
• Transaction Data: Details about payments to and from your accounts with us, how you use our services, and any claims you make;
• Profile Data: Information about your interests, preferences, services generally provided;
• Marketing and Communications data: Information about your preferences in receiving marketing material.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose.  Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.  For example, we may aggregate information about how you use our services to calculate the percentage of clients utilising a particular service we offer.  However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

Where we might collect your personal data from

We might collect your personal data from various sources, including you, your family members, employer or representatives, estate agents, accountants, mortgage lenders solicitors, credit reference agencies and anti-fraud databases, sanctions list, court judgements and other databases, or third parties including the other party to your case or transaction, social services, carers or nursing and retirement homes. Which of these sources apply will depend on your particular circumstances, but most of the time the information will come from you,

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can give consent on his/her behalf to the processing of his/her personal data; receive on his/her behalf any data protection notices; and give consent to the processing of his/her personal or sensitive data.

It is important that the personal data we hold about you is accurate and current.  Please keep us informed if your personal data changes during your relationship with us.

Why do we need this information about you and how will we use it

We may use your personal information for the following purposes:

• The provision of legal services, including setting you up as a client (along with possible fraud, sanctions, bankruptcy and anti-money laundering checks), client care, including communicating with you and sending you updates and documents, filling out forms and documents as necessary for your case or transaction, credit control including receiving payments from you, returning payments to you or chasing for payment, letting you know of related legal services;
• The administration and management of our practice, including statutory returns, legal and regulatory compliance, the prevention of money laundering or terrorist financing, keeping accounts and allocating payments, managing and retaining records and database of our clients and matters including to carry out conflict checks, analysing our client database and developing and improving our services, managing claims and complaints;
• Marketing our services to you, including letting you know about events that we organise, sending you newsletters by email, carrying out surveys to improve our services and keeping in touch generally;
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Legitimate interest means the interest of our business in conducting and managing our business.  We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.  We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).  You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Please note that when we carry out electronic identity checks via external search providers in order to comply with our regulatory requirements, the checks leave a footprint on an individual’s credit file. However, this footprint is not the same as a credit check footprint and will have no negative impact on your file. It is just shown as an ‘identity search’ which is effectively a light footprint, simply showing an anti-money laundering search has taken place. An individual can have many identity footprints and it still will not affect their credit file.

Marketing

We would like to send you occasional information by post or email about some of our services which may be of interest to you. We will only send you occasional marketing messages when you tick the relevant boxes. If you have consented to receiving marketing from us, you can opt out at any time. See ‘What rights do you have?’ below for further information.

Who your information might be shared with

We may disclose your personal data to The Solicitors Regulation Authority, The Legal Ombudsman, The Law Society, The National Crime Agency, The Office of the Public Guardian, HMRC, our insurers, our accountants, your mortgage lender depending on your case or transaction, and to other external organisations and firms who may conduct audit or quality inspections on our practice and our client services or provide services to us, and who are required to maintain confidentiality in relation to our files. We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party unless necessary for your case or transaction and with your consent (for example if we need to instruct a barrister or an expert).

How long your personal data will be kept

We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim, or where we are required to keep your personal data due to legal or regulatory reasons.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such personal information without further notice to you.

Reasons we can collect and use your personal information

We are allowed to use personal information only if we have a proper reason to do so. You will find below a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so. When we have a business or commercial reason of our own to use your information, this is called a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests.

If we process any special categories of personal data, we will only do so under one of the following legal grounds:

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Keeping your data secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

While we will use all reasonable efforts to safeguard your personal data, the use of post or emails and the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Will your personal information be transferred to other countries?

We may need to share personal information with third parties in both the UK and internationally for a variety of reasons. We require third parties to respect the security of your personal information and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.

We may transfer the personal information we collect about you to countries outside the EU in order to process your personal information on one of the grounds listed above. It is possible that the European Commission will have deemed such countries adequate. This means we can transfer your personal information to those countries as they will provide an adequate level of protection for your personal information.

However, not all countries to which we may transfer your personal information will be deemed adequate by the European Commission. To ensure that your personal information does receive an adequate level of protection we will put in place standard contractual clauses approved by the European Commission with those third parties wherever necessary. This ensures that your personal information is treated in a way that is consistent with and which respects the applicable laws on data protection.

What happens if you choose not to provide us with personal information or are unable to provide us with personal information?

If you fail to provide certain personal information when requested, we may not be able to perform the agreement we have entered into with you, or we may be prevented from complying with our legal obligations.

What rights do you have?

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please see the “How to Contact Us” section and let us have enough information to identify you:

1. contact our Data Protection Manager (see “How to Contact Us”);
2. let us have enough information to identify you (for example your name and what services we provided to you or when);
3. let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
4. let us know the information to which your request relates, including any reference number if you have this.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Use of Cookies

Our website uses cookies and pixels, which give us information about your use of our website. A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of a user’s internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. We may use this information to contact you, and we will use it as a means of analysing the effectiveness of our website and to improve our service.

You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.

For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.

How to complain

We hope that our Data Protection Manager can resolve any query or concern you raise about our use of your information.

You have the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance.

Changes to this privacy notice

This privacy notice was last updated on 21 May 2018. We may change this privacy notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

How to contact us

Please contact our Data Protection Manager, Gary Winterton, if you have any questions about this Privacy Notice or the information we hold about you, or if you would like this notice in a larger print. If you wish to contact us, please write to us at Gaby Hardwicke, 33 The Avenue, Eastbourne, BN21 3YD or email us at info@gabyhardwicke.co.uk.