Land Law
Specialists

Our Data Protection Policy

If you need this information in another format (for example, in a larger font or in another language), please let our Data Protection Manager know.

Purpose

We are required to manage the way we hold personal data about actual persons in order to meet our legal, regulatory and operational obligations. We are also required to give you information about what personal data we use and why we use it.

We do not transfer any data to third countries, that is, out of the UK.

What data do we hold?

As lawyers, we have always held personal data about our clients, staff, suppliers and others. This personal data, whether it is held on paper or electronically, is subject to certain legal safeguards in the Data Protection Act 2018 which gives effect to the General Data Protection Regulation ("GDPR"). The Act contains important rights and obligations to protect the integrity, storage, confidentiality and ultimately, appropriate disposal, of personal data.

Obtaining a copy of this Policy

Copies of this Policy or our Data Destruction Policy can be supplied by email, on paper, on our website and in person at our offices: just ask us.

Our Data Protection Manager

This Policy tells you what to expect when we collect personal information (personal data). Land Law Solutions is the data controller for the data we collect.

Our Data Protection Manager is Heather Palmer who can be contacted at legal@landlawsolutions.co.uk and she is authorised to be the contact point in the practice for any concerns or questions about data protection. If you do not understand this document, please contact our Data Protection Manager, who will be able to help you.

Who is affected by this policy?

This Policy applies to information we collect about:

  • clients and former clients;
  • job applicants, contractors and providers of outsourced services;
  • people who make enquiries or requests under the Data Protection Act 2018;
  • other data subjects.

The Data Protection principles

The Data Protection Act 2018 regulates the use of personal information held by us. We must comply with six data protection principles, which say that personal data must be:

  • processed fairly, lawfully and transparently;
  • processed only for specified, explicit and legitimate purposes;
  • adequate, relevant and limited to what is necessary;
  • accurate and, where necessary, kept up to date;
  • not kept longer than necessary;
  • processed using appropriate security.

Keeping our data up to date

It helps us to keep our data up to date if you:

  • check that any personal data you provide to us is accurate and up to date when you give it to us;
  • tell us at once if anything changes e.g. a change of address;
  • check that any information we send you is accurate - if we get something wrong, please tell us straight away so we can correct it.

Legal basis for processing

We ensure that the personal data we collect is processed on a specific legal basis, as set out below. We do not transfer any data outside the UK/EU. If you have any questions on the legal basis below, please contact our Data Protection Manager.

How we store and review data

We use one server-based database which stores all our client, financial and contact list data. Our Data Protection Manager is responsible for ensuring that all data entry is accurate, that the database is secure and confidential, and that back-ups are made and appropriately secured. She will also regularly complete data cleansing exercises to check our data is up to date, e.g. when we are notified of a death, change of address, change of name, withdrawals of consents and opt-outs of emailings.

What information do we collect?

  • your full name and contact details (i.e. address);
  • who you are to us (such as a client, employee or a member of the public) and sometimes (for conflict and professional reasons) how/whether you are related to another client or person;
  • your e-mail address and contact numbers;
  • your gender (to enable us to address you correctly);
  • next of kin, bank details and GP's address if you are a member of staff;
  • your current (and occasionally previous) home addresses;
  • documents to verify your ID and your bank details for both ID purposes and to make or receive payments;
  • CV, if you are a job candidate;
  • case-related information, such as property information forms we ask you to fill in;
  • lifestyle and social circumstances data for certain types of legal work. Some of this data is classified as special categories of personal data: this is information about you which relates to racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, genetic and biometric data processing, health data, data about sex life or sexual orientation. To process this type of data we would need your explicit consent and we would discuss this with you when and if appropriate.

How and why do we process data?

For our clients

We collect personal information about people who wish us to act for them (our clients) because we need to use that information to progress their work. For example, the type of personal data we normally need might be a client's name, address, email address, identity documents, details of the ownership of the land in question, including title number, and bank details for processing payments.

We will only ask for the details we need and nothing extra. We get clients' consent to use their personal data.

For job applicants and our current and former employees

We collect personal information about people who work with us because we need to use that information to run our business. For example, we need a person's name, address, email address, identity documents, family members' details, and bank details for processing payments. We will use this personal data to administer the contract we have with the people who work with us.

When individuals apply to work with us, we will only use the information they supply to us to process their application. We would obtain their consent to do that. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a 'disclosure' from the Criminal Records Bureau, we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 6 months after any recruitment exercise has been completed; it will then be destroyed or deleted.

Once a person has joined us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be processed for purposes directly relevant to that person's employment contract. Once their employment has ended, we will retain the file in accordance with the requirements of our Data Destruction Policy and then destroy it.

For people who make enquiries or requests under the Data Protection Act 2018

We may be asked by any person (including clients and former clients) what personal information we hold about them and about their rights under the Data Protection Act 2018. In order to respond to such enquiries we will normally ask for some personal data (and we may have to establish the person's ID) for example their name, address and email address.

Processing and sharing personal data via outsourced services that we use

The table below gives details.

| Outsourced service provider | What data is used? | Where is it stored? | Is it shared further? | How is it protected? | When it is destroyed |
| --- | --- | --- | --- | --- | --- |
| Overflow telephony | A record of our telephone calls | Computer system | No | Service Level Agreement / Terms and conditions of the provider | Subject to our Data Destruction Policy |
| Compliance auditing | We may share personal information for compliance and planned auditing purposes but only where this helps us to fulfil effectively our statutory and regulatory functions | Computer system and paper records | With Auditor | Restricted access and Confidentiality Agreement | As above |
| Our professional indemnity insurers | Personal information may be disclosed but only where this helps us to fulfil effectively our statutory and regulatory functions | Server, Case management database, Office premises | With PII insurers | Restricted access to paper and computer records | As above |
| ID checks on clients and others | We may use personal information provided to carry out credit checks via online search providers | Server, Case management database, Office premises | No | Restricted access to paper and computer records | As above |
| Payroll | We may share personal information with those who provide this service to us. | Computer system and banking records | With accountants, HMRC and benefits agency | Restricted access | As above |
| Barristers and experts | Certain client information to enable us to perform our professional services | Sent securely to the Barrister or expert | Yes: with the barrister or expert | Subject to professional terms and conditions | Data is either then destroyed by Counsel / the expert or securely returned to us. As above |
| Copying and binding services | Certain information to enable us to perform our professional services | Sent securely to the service provider | No | Restricted access and Confidentiality Agreement | N/A as data is returned. |
| Professional and Regulatory bodies | Personal information may be disclosed to our regulators, the Legal Ombudsman, enforcement or government agencies, other regulators or others with a legitimate interest who may keep a record of that information. | Server, Case management database, Office premises | We only share information where it is lawful for us to do so, such as where it is necessary to do so as part of our, or a third party's, statutory or public function or because the law permits or requires us to. In most cases, we will tell the person whose information we hold that we are sending their information somewhere else. | Restricted access | Subject to our Data Destruction Policy |
| Costs Draftsman | Certain information to enable us to perform our professional services | Sent securely to service provider | No: all data returned | Subject to professional terms and conditions | As above |

Holding data about people when we did not obtain it from them

If we hold personal data about you (for example it has been given to us by someone else, rather than by you directly), we have to provide you with some information, unless you hold that information already. That data will be stored in accordance with our Data Destruction Policy. It is processed on the basis of our legitimate interest: normally that will be for the purposes of progressing our legal work for the client concerned.

You have a right to know what personal data we hold about you, for it to be corrected if wrong and you have a right to know where that data came from. You have the right to lodge a complaint with the Information Commissioner's Office at https://ico.org.uk/.

People who email us

Any email sent to us, including any attachments, may be monitored and used by us for reasons including IT security, appropriate use and for monitoring compliance with our office email policy. Email monitoring, system security and blocking software may be used.

Knowing your rights under data protection

As an individual, you have these rights:

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object;
  • rights in relation to automated decision making and profiling.

There is a lot more information on these rights on the Information Commissioner's website at https://ico.org.uk/.

Your rights in more detail.

Your right to be informed

You have a right to be informed as a data subject of the data we hold and process about you. This policy document is intended to do that. If you have any questions, or if you feel that this Policy does not deal with your concerns or questions, please contact our Data Protection Manager on the contact details below.

Your right of access to personal information

We try to be as open as we can about giving people access to their personal information. Individuals can find out if we hold any personal information by making a request under the Data Protection Act 2018. If we do hold information about you we will:

  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information.

To make a request to us for any personal information we may hold please contact the Data Protection Manager (contact details above). If you agree, we may try to deal with your request informally, for example by providing you with the specific information you need over the telephone. We will still need to verify your identity if we do this. We will need to satisfy ourselves as to your identity. Please therefore send us proof of who you are so that we know we are sending the information to the right person. We accept the following as proof:

  • a copy of your birth certificate;
  • a copy of your passport;
  • a copy of your driving licence.

Please do not send us original documents. You will also need to let us have a postal or email address so that we can send you the information. We ask that you mark the covering envelope or email as 'Confidential'.

Your right to rectification

This is a right to ask us to correct any wrong data we hold about you. You can ask us to correct any mistakes by contacting the Data Protection Manager.

Your right to erasure

This is a right to ask us to restrict the processing of any data we hold about you. You can ask us to do this by contacting the Data Protection Manager.

Your right to restrict processing

This is a right to ask us to restrict the processing of any data we hold about you. You can ask us to do this by contacting the Data Protection Manager.

Your right to data portability

You have a right to ask us to transfer certain data to another organisation. You can ask us to do this by contacting the Data Protection Manager.

Your right to object

When and if we process your data based on our legitimate interests, you have a right to object to that processing. You can ask us to do this by contacting the Data Protection Manager.

Your rights in relation to automated decision-making and profiling

You have rights where your data is involved in automated decision making and profiling. As we do not collect or process your data for that purpose, the right will generally not apply to data we hold on you. If it does, then you can ask us to do this by contacting the Data Protection Manager.

Changes to this privacy policy

We will not notify you if this Policy is updated. The latest version appears on our website. We keep all our policies under regular review.

This Privacy Policy is V1 and was created 28th March 2019.

It is due for review on 31/03/2020.