General Data Protection Regulations (GDPR)
This page details how we process the personal data we hold of you as a client of Hansell Drew & Co Solicitors and how you can control the retention and use of that data. When you begin a business relationship with Hansell Drew & Co as a client the data you provide may be used for different purposes and may be treated in different ways. A Privacy Notice will be sent to you at the start of our business relationship.
Essentially we will only hold and retain such data which is necessary for the performance of our contract with you i.e. dealing with your case in accordance with our professional legal requirements and your instructions, or where some other lawful purpose is engaged e.g. holding the data for accounting record purposes or audit by the Legal Aid Agency, etc. We will not share your data with any unnecessary third parties and we will not use your data for marketing purposes.
In order to act for you we ask that you review and accept and consent to this Data Protection Policy. Note however that Hansell Drew & Co also relies upon Article 6 (1)(b) of GDPR which is necessary for the performance of a contract between ourselves as provider of Legal Services and yourself as the client.
All data that is held by us or those who act on our behalf is password protected and backed up on at least a daily basis and stored on servers or computers based in the EU. Where data is held on or capable of being accessed by a desktop laptop or tablet computer that equipment is password protected. We are registered with the Information Commissioners Office. We are satisfied ourselves that all third parties who hold your data on our behalf will comply with GDPR for the data commencement which is the 25th May 2018.
Our central position in relation to the processing of data is that Hansell Drew & Co which is at all times to comply with both the letter and spirit of data protection legislation. We will therefore work openly with you to resolve any concerns that you have.
The new regulations are complex and we like many other small businesses are working through the implications in order to implement compliant solutions.
If you wish to see the data we hold or request it’s deletion you can send an email to us via our website Contact Page and we will contact you to facilitate this. We aim to comply with any request within 20 working days.
Payments
When you pay a bill online or invoices paid by direct debit, these transactions are handled by third party card companies. We therefore have no access to your financial data at all. These companies are approved financial institutions and you should contact them directly if you have questions in relation to your data use.
Where payment is made the transaction is recorded by our bank/payment processor and we have access to your identity and payment confirmation in order that we can reconcile your account. These details are retained for a period of 6 years from the date of payment.
Your case
We ask for your name, address, business address and email address and telephone contact number. In addition to using this information in order to communicate with you to deal with your matter we also use these details to generate invoices and create accounting records for HMRC and other accounting purposes (i.e. legal obligations under GDPR). We will ask you for all relevant details needed for the progression of your case and where necessary speak to you and obtain information from others e.g. witnesses. Where necessary we will also obtain information to discuss your details with others e.g. a Barrister who we may instruct to represent you or other experts such as forensic experts which may be necessary for the preparation of your case.
We may also receive data about your case from other parties e.g. disclosure on your case from the Crown Prosecution Service and reports from the Probation Service. All data received from you or in relation to your case is covered and protected by this Data Policy, in addition to our Professional Conduct Rule which ensure client confidentiality. These details are retained and stored for a period of 6 years from the date of completion of your case. We are required to do this by our Contract of Indemnity Insurance and our contract with the Legal Aid Agency. After 6 years the file will be destroyed unless there is a specific reason to retain that file.
Unsolicited Contact
You may contact us via email or other social media, you should note that we maintain a record of that exchange. You do of course have the right to have such data deleted.