Coates & Co, Solicitors
We take the security and privacy of your data seriously. We need to gather and use personal information or ‘data’ about you as part of our business and to manage our relationship with you. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.
We act as a “Data Controller” in respect of the information gathered and processed by us.
If you have any comments or queries regarding our use of your data, please contact Ms Amanda Coates at firstname.lastname@example.org or write to Park House, Park Square West, Leeds, LS1 2PW.
In order that you are reliably informed about how we operate, we have developed this Privacy Notice (also known as a Fair Processing Notice or FPN), which describes the ways in which we collect, manage, process, store and share information about clients, professional contacts, suppliers of services and other third parties as well as visitors to this site. The privacy notice also provides you with information about how you can have control over the use of your data.
How We Use The Data
We seek to collect information about you so that we can:
- Provide legal services
- Provide information about our services (and any subsidiary or associated businesses)
- Facilitate business development including sending updates, publications and details to events
- Administer our relationship with you, provide advice and respond to enquiries
- Process applications for employment
- Ensure the billing of any procured services and obtain payment
- Process and respond to any enquiries and complaints
- Enable us to meet any legal or other regulatory obligations imposed on us
- Audit usage of our website.
The information that we need for these purposes is known as your “personal data”. This includes your name, home address, email address, telephone and other contact numbers and financial information. We collect this in a number of different ways. For example, you may provide this data to us directly online or over the telephone, or when corresponding with us by letter.
We may also process sensitive classes of information that includes:
- Physical or mental health details;
- Racial or ethnic origin;
- Political opinions
- Religious and philosophical beliefs;
- Genetic and biometric data;
- Sex life and sexual orientation;
- Criminal convictions and offences (if any); and
- Trade Union Membership
We may hold and use any of these special categories of your personal data in accordance with the law.
Please also be advised that when you visit this website, cookies will be used to collect information about you such as your Internet Protocol (IP) address which connects your computer or mobile device to the Internet, and information about your visit such as the pages you viewed or searched for, pages response times, download errors etc. We do this so that we can measure our website’s performance and make improvements in the future. Cookies are also used to enhance this website’s functionality and personalisation, which includes sharing data with third party organisations.
Lawful basis for processing the Data
In order to use the data we have we will rely from time to time on one or more of the following reasons:
- Any consent given to us for the processing of personal data for specific purpose(s); or
- To perform a contract to which you are a party, or to take steps at your request prior to entering into a contract; or
- To comply with our legal obligations; or
- If it is necessary for the performance of a task carried out in the public interest or in the exercise of any official authority vested in us as Solicitors; or
- If it is necessary for the purposes of our legitimate interests as Solicitors or our clients’ legitimate interests where we consider that these interests override the rights of the data subject.
Under the terms of data protection legislation, you have the following rights if we retain your data or you visit our website.
Right To Be Informed
You have the right to information about what personal data we process, how and on what basis as set out in this policy
Right To Access
You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request.
To make Subject Access Request, please write to us using the contact information above.
Right To Rectification
If any of the information that we hold about you is inaccurate, please write to us using the contact information above to correct this.
Right To Be Forgotten
You can request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should contact us using the contact information above.
Right To Object
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop. Any objection to our data processing or withdrawal of consent must be in writing to us using the contact information above.
Right To Restrict Processing
While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made. To do so you should contact us in writing using the contact information above.
Right To Data Portability
You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
Rights Related To Automated Decision-Making
You have the right not to be subjected to automated decision-making.
How Long Will We Retain Information For?
We will retain information for a period of up to three years, unless the retention and use of your data falls within one of the legitimate reasons for processing data under the GDPR and 2018 Act which includes requiring us to comply with our legal obligations.
None of the information that we collect process or store as a result of this website is transferred outside of the European Economic Area (EEA). This includes information that is exchanged with any third party organisation as described above.
Data Privacy And Security
We maintain data management systems that include processes for ensuring that data protection and security is a key consideration of all our IT systems, facilities and equipment that hold personal data.
Where any concerns, risks or issues are identified, we may conduct an assessment in order to determine any actions that are necessary to ensure privacy.
We also have external providers who help us to:
- Protect the security of the personal data we hold
- Avoid potential breaches of confidentiality;
- Ensure all IT facilities have protection against damage, loss or misuse;
- Increase awareness and understanding of the requirements of information security; and
- Ensure and improve the security of this website.
You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office (ICO) directly. Full contact details including a helpline number can be found on the ICO website. This website has further information on your rights and our obligations.