Prepared by: Mrs Verity Grigg – Lead on Data Protection Compliance
Mercian Law respects your privacy and is committed to protecting your personal data.
When you become a client of Mercian Law Limited (ML), make an enquiry or subscribe to our blog ‘The Debt Recovery Expert’, ML obtains information about you. This statement explains how we look after that information and what we do with it.
The purpose of this policy is to enable ML to:
Processing personal data is fundamental to our work as a solicitors practice. The General Data Protection Regulations (GDPR) regulates the processing of information relating to individuals. As solicitors, we must comply with the GDPR.
The processing of personal data without notifying the ICO is an offence which may result in a fine.
ML recognises that the aim of GDPR is primarily to give control to individuals over their personal data and to protect them from data and privacy breaches, and to simplify the regulatory environment in the modern digital landscape.
The Regulations set out six data protection principles with which we must comply.
DATA WE WILL NOT ASK FOR
ML will never process data regarding:
WHO WE ARE
Our contact details are:
Registered Office: Ventura House, Ventura Park Road, Tamworth, Staffordshire, B78 3HL
Correspondence Address: PO Box 15245, Tamworth, B77 9HE
Telephone: 01827 215679
Company Number: 6837515
As a solicitors practice, we are obliged to be registered with the Information Commissioners Office. The link below is to our registration entry:
Our lead on data protection compliance is Mrs Verity Grigg who is:
HOW WE USE YOUR PERSONAL DATA
The lawful basis for processing under GDPR.
Upon signing a retainer for our services, you give consent for our processing of your personal data to enable us to provide our services to you. If you do not provide the information we request, we cannot provide our professional services to you and will cease to act.
The purposes for which we intend to process personal data are either:
We will only use your personal data for the purpose for which we collected it.
WHAT PERSONAL DATA WE COLLECT, WHERE IT IS, AND WHO HAS ACCESS TO IT?
Personal data, or personal information, means any information about you from which you can be identified.
Normally the only information we hold comes directly from you. Whenever we collect information from you, we will make it clear which information is required to provide you with the service you need. We store your information securely on our secure computer system. The data we collect includes:
From July 2018 ML created a new blog, our historical database of contacts has been deleted. You have to ‘opt-in’ to be included on our blog mailing list, this way ML ensures we meet the GDPR standards on being specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn at any time without detriment.
ML holds your data on its:
VISITORS TO OUR WEBSITE
When someone visits www.mercianlaw.com we use Google Analytics (based outside the EU) to collect standard internet log information and details of visitor behaviour patterns. This is called aggregated data and is not personal data as it doesn’t reveal your identity. It is of interest for us to ascertain the number of visitors to our site and the pages visited. We do not make, and do not allow Google to make any attempt to find the identities of those visiting our website. Such use of data helps us to keep our website updated and relevant, which is a legitimate business interest.
Our website includes links to third party websites. Clicking on those links may allow third parties to collect or share data about you. ML does not control these third-party websites and are not responsible for their privacy statements. When you leave our web site, we encourage you to read the privacy notice of every website you visit.
When you call ML, you may be transferred to a telephone answering service www.answer.co.uk if we are engaged on another call. Your message is e-mailed to ML and stored on ML’s account.
ML uses Microsoft Office 365. We will also monitor any e-mails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any e-mail you send is within the bounds of the law. Remember standard e-mail is not a secure method of communication and confidential information shouldn’t be sent by e-mail.
ML uses a third-party provider, JivoChat, to supply and support our live chat service, which we use to handle enquiries in real time.
If you use the live chat service ML will collect your name, e-mail address and the contents of the live chat session. This information will be retained for 6 years and will not be shared with any other organisations.
If we receive a complaint, ML opens a file containing the details of the complaint. This will detail the identity of all involved in the complaint. We will only use the personal information we collect to process the complaint. We do compile statistics, but not in a form which identifies anyone. Complaint files are retained for 6 years.
ML tries to meet the highest standards when collecting and using personal information. We take any complaints seriously. We encourage you to bring it to our attention if you think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome your suggestions for improving our procedures.
Our use of your personal data is subject to your instructions, the GDPR and our duty of confidentiality. Please note that our work for you may require us to give information to third parties such as expert witnesses, other professional advisers, the court service, mediators, IT consultant, professional indemnity insurance providers etc – data processors. Apart from these agreed third parties, we will not share your information with anyone else. We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
ML has identified the following potential key risks, which this policy is designed to address:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
ML’s IT security includes anti-virus software, e-mail encryption protocols, cloud-based data storage. ML also has professional indemnity insurance covering loss of client data.
WHAT HAPPENS IF THERE IS A PERSONAL DATA BREACH?
The GDPR defines a personal data breach as: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
ML uses the services of an IT consultant and has implemented recommendations to attempt to mitigate the risks associated to a solicitors firm. This has included Advanced Threat Protection and cloud-based data storage (as opposed to data back-up held within the office).
ML must notify the ICO without undue delay (within 72 hours) once a breach has been detected that is likely to result in a risk to your rights and freedoms. For example, the breach could result in loss of confidentiality, your economic disadvantage. ML will also notify you directly.
ML will act in a reasonable and proportionate manner in complying with our obligations.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The Solicitors Regulation Authority (SRA) does not have any specific rules on the length of time we should keep your file. We are required to establish good processes for orderly file closure, which is central to running an efficient practice, managing risk (chapter 7 of the SRA Code) and fulfilling our client care obligations (Chapter 1 of the SRA Code). There are no requirements relating to retention of files in the SRA’s Minimum Terms for Professional Indemnity Insurance. However, in the event of a complaint we keep data for the following periods:
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
You have the right, free of charge, to a copy of all the information we hold about you in a structured commonly used and machine-readable form (apart from a very few things which we may be obliged to withhold because they concern other people as well as you). To obtain a copy, either write to the lead for data protection compliance – Mrs Verity Grigg at Mercian Law Limited or alternatively e-mail us:
To help us provide the information you require and deal with your request swiftly, please provide the following information to enable us to verify your identity and locate the information:
You can ask someone else to request information on your behalf, for example, a solicitor, friend or relative. We must have your authority to respond to a subject access request on your behalf. Please provide a signed letter stating that you authorise us to send the information to the person concerned.
We aim to reply as promptly as we can and, in any case, within the legal maximum of 1 month or 40 days if the request is complex.
If ML believes your requests are manifestly unfounded or excessive, we reserve the right to refuse your request or charge you a reasonable fee for our time in dealing with the request.
If you disagree with our decision you can complain to the ICO, the UK supervisory authority for data protection issues.
If you have a concern about ML’s information rights practices, we would appreciate if you raise it with Mrs Verity Grigg at ML in the first instance using the contact information above.