At Attwood & Co we take the Data Protection Act 2018 and General Data Protection Regulation very seriously. Our staff are trained in the collection and processing of your data. We are under a legal obligation to let you know what personal information we collect about you, what we use it for and on what basis. We always need a good reason and we also have to explain to you your rights in relation to that information. You have the right to know what information we hold about you and to have a copy of it, and you can ask us to change or sometimes delete it.
Whatever we do with your information, we need a legal basis for doing it. If you have instructed a service from us, we are entitled to process your information so that we can provide that service to you and bill you for it.
But we do not always need permission. In some cases, having assessed whether our use would be fair and not override your right to privacy, we may come to the view that it falls within ‘legitimate interests’ to use the information in a particular way such as for law enforcement, when a minor may be at risk, etc.
We want to make sure that any personal information we hold about you is up to date. So if you think your personal information is inaccurate, you can ask us to correct or remove it at no charge to you. Please contact our offices straight away to do this.
Under the Data Protection Act 1988, you have a right to know what personal information we hold about you. If you would like a copy of the information you are entitled to please contact our offices clearly identifying yourself and the information you require. We will ask you to provide identification to ensure we do not disclose your information to the wrong people.
We do not use your information for marketing unless we feel it is to your benefit. For example, if we feel you may benefit from updating your Will, etc. You can opt out of any marketing at any time by contacting our offices. We will never share or sell your information to another company or organisation.
Our web site collects no Personally Identifiable Information (PII) unless you specifically complete our Quick Enquiry Form (QEF). Should you complete our QEF the data you provide is sent to us by email to allow us to contact you following your request to do so.
Your data is not stored or processed in any way and is not used for advertising, customising your web site experience, or any other analytical information.
We do not share or sell any PII with any other third-party.
General Data Processing
All our staff are Data Processors and process data provided by you and any authorised third-parties, as agreed with you. Please contact us if you would like a copy of our data table providing a list of the typical data we need to hold to be able to work for you and how that data is processed.
All staff are Data Controllers, thereby determining the data required to carry out work for your matter. Each matter is unique, and data required for processing on one matter could be essential, but not required at all on another matter and therefore is not captured and/or stored.
Only our fee earning staff may have access to the above data outside of our offices, but explicitly for work related matters. Typically, this is required for attendance at court or with a specialist of which clients are made aware in advance.
Upon completion of your matter data is held in retention, in paper or electronic format, to comply with the Solicitors Regulations Authority Rules. The period for which data is stored varies between 6 and 25 years, dependent upon matter type. Clients agree to this retention by way of reading and signing a retainer letter, presented in succinct English on commencement of their matter/s, without which we do not commence work or hold and/or process your data.
All data is held in either paper form or electronically within our document management system (DMS). Data stored within our DMS is stored in encrypted form and access allowed on an individual basis by way of username and strong password. All staff are forbidden from sharing logon information with anyone.
All Clients can at any time request a copy of the data held by us. There is no fee for providing such information.
Attwood & Co Solicitors use Microsoft Windows and Microsoft Windows Server. Our workstations, servers, and the data held on our servers, is password protected and encrypted. When our hardware is decommissioned any internal media devices, such as hard disk drives, are destroyed. Should our equipment be stolen no information can be retrieved without decryption codes.
Our office network is firewalled to the highest level to prevent all access from outside our organisation. Access to social media and all unorthodox sites is barred.
All workstations and servers employ the latest technology to combat file and email viruses, malware, spyware, web browsing protection, etc. All workstations and servers are automatically updated at least once a day to ensure our protection is kept up to date and can combat the latest security threats.
Access to our computer systems is controlled by complex passwords. It is forbidden for staff to share logon information and all activity is fully audited on an individual basis.