Following the implementation of the EU General Data Protection Regulation (GDPR) on 25 May 2018 we have updated our policies on how we use your information.
Maintaining the security of your data is a priority of ours and we are committed to protecting your information we have about you. We aim to process your data fairly, ethically and legally at all times. We want to be as transparent as possible about the personal data and sensitive personal data we collect from you and how this is used.
This privacy notice aims to explain the types of data Glassbrooks Limited may collect about you when you visit our offices, use our services, in the running of your matter and when you use our website. It also aims to make it clear how we will process, share and keep your data.
If you have any questions about this notice then please do not hesitate to get in touch with us.
Who we are (The Data Controllers)
1 York Road,St Annes On Sea, Lancashire, FY8 1HP
We are registered at Companies House under company registration number 5112397.
We are also registered on the Information Commissioner’s Register. Our Solicitors Regulation Registration Number is 419909.
The nominated Data Protection Officer is
Categories of People for who we hold Personal Data
We hold personal data relating to
- People who correspond with us
- People who enquire about our services
The categories of information we collect, process, hold and share include:
- Personal information (such as name, national insurance number)
- Financial data
- Profile data such as how you came to instruct Glassbrooks.
- Special categories of data including characteristics information such as gender, age, ethnic group
- Medical information (such as reports and notes)
- Work absence information (such as wages, number of absences and reasons)
- Vehicle details
- Legal documents such as wills, finance records and applications.
- Personal statements
Your data may be collected in a number of difference ways. For example, your data may be obtained by you filling in forms we send you. This could include contact and financial information. Data may also be collected by you corresponding with us by phone, email, des personal data you may provide when enquiring about our services, giving us feedback, using any Contact Form feature on our website and generally by using our legal services.
We have internal processes for protecting data. This includes (but is not limited to) using encrypted drives on laptops and computers for storage on any client information, utilising electronic communication processes for sending sensitive personal data and for the removal of paper files from the office. If you would like more information about this please get in touch.
Why we collect and use this information
The personal data is necessary for us to:
- Enable us to provide legal services to you under the terms of our contract with you.
- Verify your identity.
- Process and manage your instructions.
- To monitor client satisfaction.
- Produce and update our own marketing, risk and diversity policies.
- Comply with our legal obligations, for example to prevent Money Laundering.
- Manage the HR matters of the business.
- In pursuit of our legitimate interests (as set out below).
We do not use your personal data to make automated decisions or for profiling. Where we need to collect personal data by law and you do not provide that data when requested we may not be able to fulfill the contract with you (i.e. to provide you with legal services). In this situation we may have to cancel the contract with you but we will inform you of this.
The lawful basis on which we process this information
Processing is necessary for:
- the performance of our contract with you or for us to take steps for us to enter into a contract; or
- the legitimate interests of ourselves or a third party, except where such interests are overridden by your interests, rights or freedoms. Our legitimate interests include (but are not limited to) enabling us to run our business, make marketing and risk decisions, to enable us to comply with our compliance obligations, protecting clients employees and other individuals, understand our client’s instructions preferences and needs, handling client contacts and queries, the general progression of cases / matters in which we are instructed. Our legitimate interests include using your data to recover a debt from you to us; or
- the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller such our duty to identify fraud; or
- the performance is in compliance with a legal obligation such as providing information to a tax or other authority. It may be that a combination of the above can apply to any particular matter in which Glassbrooks acts for you.
Collecting this information
The information you provide to us is on a voluntary basis. We may obtain data from you or from third parties such as your medical records. This data may be both personal and special personal data (such as personal data about your health or religion). We may obtain personal data from publicly accessible sources (such as social media and HM Land Registry). We cannot provide legal services to you without processing and disclosing your personal data.
Storing this information
We hold your data for as long as is necessary to comply with our professional obligations, in particular those relating to accounting, legal and reporting requirements.
Paper files: If we act for you in respect of a property purchase your paper file will be retained and stored for twelve years after which it will be securely disposed of. Most other paper files are destroyed after 6 years.
Electronically held information: Our case management system may retain data indefinitely beyond any destruction of your paper file. This is because we need to keep this information in order to carry out conflict checks when we take on new matters and ensure we do not inadvertently act against you or any other client in a case years down the line.
The retention of personal data for this purpose is retained for the legitimate interests of ourselves.
Out of an abundance of caution we inform you that for the protection of employees and the security of the premises we have CCTV at our offices and the footage is retained for no more than 3 weeks.
Who we share this information with
We routinely share this information with:
- People in connection with the work we do for you with such as the court, barristers, other law firms, costs draftsman, expert witnesses, medical agencies, HM Land registry, will registers, and witnesses.
- People in connection with the operation of our business such as IT companies, accountants, accreditation and regulatory bodies.
- People to whom we have a legal duty, such as the police and government agencies
Why we share your information
We do not share information about you with anyone without consent unless the law and our policies allow us to do so.
We only share your data if it is
• Necessary for the purpose of our contract with you.
• Necessary due to a legal obligation.
• Necessary for a legitimate interest we have, after considering your own interests.
• Necessary in the pubic interest.
We have robust processes in place to ensure that the confidentiality of your personal data is maintained and there are stringent controls in place regarding access to it and its use.
Decisions on whether we release your personal data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested; and
- the arrangements in place to securely store and handle the data
To be granted access to your personal data, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
Requesting access to your personal data Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact:
Christopher Moore (The Data Protection Officer)
1 York Road, St Annes On Sea, Lancashire, FY8 1HP
You also have the right to
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact:
Christopher Moore (The Data Protection Officer)
1 York Road, St Annes On Sea, Lancashire, FY8 1HP