1. Introduction

 

  • Kidd & Spoor Solicitors Limited are committed to respecting your privacy and protecting your personal data. This privacy policy tells you how we will do so, including how we will look after your personal data, how we will process and use it, how and when we will transfer and share your personal data and the rights that you have in relation to this under the UK GDPR and Data Protection Act 2018.

 

  • This notice applies to all your personal data used in connection with our services however it is obtained by us, including any data you may provide through our website, when you meet with us, or when you contact us by phone, by post or using email, or any data provided to us by a third party.

 

  • For the purposes of the UK GDPR and Data Protection Act 2018 we are the data controller and in certain circumstances the processor of your data.

 

  • If we ask you to provide personal data, then we will only use that information in accordance with this privacy notice.

 

  • Please note that this notice may be updated from time to time.

 

  • Please note that it is important that the personal data we hold about you is accurate and current. For this reason, please ensure that we are kept informed of any changes to your personal data during your relationship with us.

 

  1. Who we are

 

  • Kidd & Spoor Solicitors Limited is regulated by the Solicitors Regulatory Authority (621474) and registered in England & Wales at Companies House under number 09500107 and with its registered address at 7 Marden Road, Whitley Bay, Tyne and Wear, NE26 2JN. We can be contacted by post at this address, or by telephone on 0191 297 0011, or by email at whitley.bay@kiddspoorlaw.com

 

  • Our Data Protection Officer is Paul Drabble and he is responsible for overseeing all matters in connection with this privacy notice. If you have any questions about this privacy notice, including any requests to the right to exercise your legal rights (see below), please contact him at drabble@kiddspoorlaw.co.uk.

 

  • Please note that you have the right to make a complaint relating to your personal data at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

 

  1. What is personal data?

 

  • Personal data is defined by the UK GDPR as any information relating to an identifiable individual (a “data subject”) as opposed to information about organisations, corporate bodies or others who are not individuals. An identifiable individual is one who can be identified, directly or indirectly, by reference to a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

 

  • Personal data does not include data where the identity has been removed (also known as anonymous data).

 

  • Further details about the UK GDPR, Data Protection Act and the nature of personal data can be found at the website for the Information Commissioner (www.ico.gov.uk).

 

  1. The Information we collect

 

  • We may collect use, store and transfer a range of information relating to you. The precise nature of that information may depend upon the type of matter in which we are, or will be, instructed. It may include, but may not be limited to:

 

  • Personal data – this may include your name, former/maiden name, username, other method of identification, passport/driving licence number, gender, date of birth, NI Number, marital status, employment status and nationality, photos, CCTV footage, call recordings. It may also include information relating to third parties with whom you have a connection.
  • Sensitive Data – this may include data relating to your ethnicity, religious beliefs, sexual orientation, medical records
  • Contact information – this may include your home address, workplace address, telephone and mobile numbers, email address, alternative contacts and social media details.
  • Financial information – this may include bank account details, payment card details, tax or NIS references, salary, savings and investments, sums owing to third parties and details of any previous bankruptcy or financial judgment.
  • Transaction details – including information relating to the matter in connection with which we are currently instructed, services provided to you previously both by this firm and others.
  • Miscellaneous information – including technical information relating to system used by the data subject, preferences and interests.
  • Marketing information – information used in connection with customer surveys and/or offers, information relating to the other services offered by us in which you might be interested and other marketing related information.
  • Aggregated Data – this may include statistical or management data that may be derived from your personal data. However, we do not consider this to be personal data as it does not directly or indirectly reveal your identity. Thus, your information may be used for management information purposes. Where Aggregated Data is combined with your personal data in such a way that it can directly or indirectly identify you, then we will regard such combined data as personal data and it will be processed entirely in accordance with this privacy notice.

 

  • This information will normally be collected from you by means of telephone, post, via email exchanges or other electronic communication methods.

 

  • We may obtain additional information about you related to your case from third party sources. For example, you may be introduced to us by an intermediary who provides information about your case, or we may use a third-party company to validate your identity, or to obtain evidence to support your case.

 

  • You should note that we will not routinely collect any data about you which comes within the definition of special categories of personal data and referred to in Article 9 of the UK GDPR. This includes details revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. If, however, this information is relevant to the matter in connection with which we are instructed then we may need to process that data, but we will obtain your explicit consent to do so. On occasion we may process data about criminal offences. As solicitors we are officers of the court and process any such information in this capacity.

 

  • Please note that if you fail to provide us with any personal data that is required by law, or under the terms of a contract we have with you then we may be unable to carry out the contract we have or are trying to enter into with you. If this is the case, then we may have no option but to cancel the provision of services to you. Should this occur, we will notify you if this is the case at the time. Note that our costs in relation to any services provided to you up to the time at which we can no longer act will remain owing notwithstanding the termination.

 

  1. How we collect information

 

  • We obtain personal data in several different ways. These include:

 

  • By direct contact – personal data is provided by you either in person, corresponding with us by post, by email, by completing a form, by completing an online application or form, by telephone, via social media or otherwise.
  • From third parties or publicly available sources – we may obtain personal data about you from third parties (for example when we obtain your medical records in connection with a personal injury claim, or from an estate agent acting in connection with your sale or purchase of a property) in connection with the provision of services by us to you. We may also obtain or receive information from publicly available sources such as Companies House and HM Land Registry.
  • Using automated technologies – your interaction with our website may automatically collect Technical Data about your equipment, browsing actions and patterns which we can collect by using server logs and other similar technologies.
  • From identity checking providers – such as Infotrack, Thirdfort, Experian and other similar services.
  • From other parties involved in a matter.

 

  1. How we use your data

 

  • We will only use your personal data when we are permitted to do so, and the law allows. Most commonly, we will use your personal data in the performance of the contract we have entered into with you, or are about to enter into with you.

 

  • The basis upon which we will rely in processing and handling your personal data will usually be:

 

  • Because the processing is necessary for the performance of a contract to which you are a party or to take preliminary steps with a view to entering into a contract with you.
  • Where we need to comply with a legal or regulatory obligation to which we are subject.
  • Where the processing is necessary in order to protect your vital interests or those of another natural person.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

 

  • We will not normally rely on consent as a legal basis for processing your personal data other than in relation to sending marketing or other information to a prospective client. If this applies, then you have the right to withdraw that consent at any time and you should contact us should you wish to do so.

 

  • We may need to rely on more than one legal basis in order to process your personal data for the specific purpose for which we are using it. Should you require more details concerning this, or if you would like details about the specific legal bases upon which we will be or are relying, then please contact the Data Protection Officer referred to above.

 

  • In addition to the general provisions set out above, the following are specific situations in which we may process your personal data:

 

  • registering you as a new client.
  • carrying out identity and credit checks.
  • generally providing legal services to you.
  • notifying you of any relevant policies and processes and any changes thereto.
  • addressing correspondence and related documents to other parties and opponents.
  • corresponding with other agencies such as the courts or Government agencies where relevant to the work we are doing for you.
  • maintaining the financial and other personal information we are required to keep on clients under the professional rules we are subject to and by law including our obligations to HMRC.
  • compliance with legal and regulatory obligations and good practice, e.g. gathering information as part of investigations by regulatory bodies.
  • ensuring business policies are adhered to (such as policies covering IT security and Internet use);
  • operational reasons, such as recording transactions, training and quality control.
  • ensuring the confidentiality of commercially sensitive information.
  • statistical analysis.
  • preventing unauthorised access and modifications to systems; updating and enhancing client records.
  • analysis to help us manage our practice.
  • statutory returns.
  • ensuring safe working practices, monitoring and managing staff access to system and facilities and staff absences.
  • staff administration and assessments, monitoring staff conduct, disciplinary matters.
  • credit reference checks via external credit reference agencies.

 

  • In most cases we will only use your personal data for those purposes for which it was acquired, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If this is the case, we are happy to explain to you how the processing for the new purpose is compatible with the original purpose.

 

  • If we need to use your personal data for an unrelated purpose, we will contact you and explain the legal basis which allows us to do so.

 

  • Where it is required or permitted by law, we may process your personal data without your knowledge or consent, in compliance with the above rules.

 

  1. Sharing your personal data

 

  • From time to time, it will be necessary for us to share your personal data with parties involved with the handling of your matter, and with others with whom we are under a legal or regulatory obligation to share such data. Those with whom that information will be shared may include, depending upon the circumstances:

 

  • service providers and introducers,
  • professional advisers including other lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance, accounting and other professional services,
  • professional experts and those involved in the writing or provision of reports,
  • other contractors working for the firm,
  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom who require reporting of processing activities in certain circumstances,
  • HM Land Registry, Information Commissioner’s Office, Intellectual Property Office, Companies House, HM Courts and Tribunal Service
  • fraud prevention, credit reference and identity verification agencies,
  • regulators such as the SRA or ICO,
  • The Legal Ombudsman,
  • The Law Society,
  • mediation and arbitration service providers, and
  • employees of the firm.

 

  • We are relying on your explicit consent to share your personal data with third parties not referred to above. You provide this consent when required during the course of your legal transaction.

 

  • You have the right to withdraw this consent at any time, but this will not affect the lawfulness of any processing activity we have carried out prior to you withdrawing your consent but we may not be able to fulfil our contractual obligations to you if you do so. You can opt-out by contacting us by telephone: 0191 297 0011 or email: whitley.bay@kiddspoorlaw.com

 

  • In the event there is a change to our business, then any new owners may use your personal data in the same way as set out in this privacy notice.

 

  • Please be assured that we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

  • It is our policy not to transfer your personal data outside the United Kingdom and the European Economic Area (EEA) unless you instruct us to do so.

 

  1. Security

 

  • We are committed to ensuring that your information is secure.

 

  • All information you provide to us is stored on secure servers. All electronic devices used by us are Multi-Factor Authenticated (MFA) and password protected, and only authorised persons have access to those devices and passwords. Only strong passwords shall be used. Where more than one authorised person has access to one electronic device, each person will have their own password.

 

  • To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect from you.

 

  • Please note however that where you are transmitting information to us over the internet or sending it to us by email, this can never be guaranteed to be 100% secure. Accordingly, any transmission by these means is at your own

 

  1. Retention of data

 

  • Your data (including your case file) either stored in paper format and/or electronically on our case management system.

 

  • We retain your personal data whilst your case is ongoing and thereafter, we retain an electronic copy of our case file in accordance with our usual data retention periods, details of which are set out in our client terms of business and Schedule of Retention periods set out in the table below.

 

  • At the end of your case the paper file, except for some original documents which must be retained in a physical format (e.g. Wills & Title Deeds), is scanned and then stored electronically in our case management, and then confidentially destroyed.

 

  • We may, at our discretion, retain your paper file for a period not exceeding the data retention period applicable to your matter and set out in the table below.

 

  • In the event you do not instruct us in relation to a legal matter, then we will retain your personal data for a minimum period of 3 years.

 

  • Schedule of Retention Periods

 

Matter Type Statutory retention / best practice Retention period
Probate & Estate Administration Limitation Act 1980 12 years from date of file

closure
Wills (client file) Limitation Act 1980 Indefinitely
Wills (Original Wills) Best practice/Limitation Act 1980 Indefinitely
Trusts (client file) Best practice/Limitation Act 1980 Indefinitely
Original trust documents including deeds, original letter or memorandum of wishes and original paperwork completed by the settlor during creation of the trust including questionnaires, declarations and due diligence records Best practice/Limitation Act 1980 Indefinitely
Powers of Attorney Limitation Act 1980 Indefinitely
Family – no children Limitation Act 1980 7 years from date of file

closure
Family – where children involved Limitation Act 1980 7 years from child’s 18th birthday
Conveyancing – Purchase Limitation Act 1980 12 years from date of file closure
Conveyancing – Sale Limitation Act 1980 7 years from date of file closure
Complaint & Claim Files & Records Limitation Act 1980 7 years
AML Records/sanctions checks Limitation Act 1980 7 years from the date of file closure, unless our contract or relevant legislation says otherwise

 

  • At the end of the retention period, any physical documents and/or records, aside from those we are required to retain indefinitely, will be recovered from archiving and shall be confidentially destroyed. In relation to electronic files, these are deleted from our archive system at the end of the retention period and, within 30 days, overwritten on our back-up server.

 

  1. Your Legal Rights

 

  • In the event you are not happy with any aspect of our use of your personal data you have the right to complain to the Information Commissioner at ico.org.uk – Tel: 0303 123 1113

 

  • You also have the right to obtain confirmation that your personal data is being processed by us and obtain a copy of your personal data from us. This is known as a Subject Data Access Request or ‘SAR’ which will in normal circumstances be dealt with within one month of receipt, unless the matter is complex in which case we may notify you that we wish to extend by up to two months the time in which we will respond to that request.

 

  • Please note that until such time as we are satisfied that the person making the request is entitled to the information requested, we will not release any information or acknowledge whether or not such information is held by us.

 

  • Please note that we have the right to charge reasonable fees for additional copies of information that has already been supplied to you, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.

 

  • You also have various other rights in relation to your personal data which you may be able to exercise (depending upon the circumstances). These include:

 

  • the right to ask us to correct personal data that is inaccurate or incomplete. Where relevant, we will rectify the personal data in question, and inform you of that rectification, within one month of you informing us of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, you shall be informed.

 

  • the right to ask us to delete your personal data or stop processing it, unless it is necessary for us to retain it to comply with our legal obligations and/or the exercise or defence of legal claims. Unless we have reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and you will be informed of the erasure, within one month of receipt of your request. The period can be extended by up to two months in the case of complex requests. If such additional time is required, you shall be informed

 

  • the right to restrict our use of your personal data. You may request that we cease processing the personal data we hold about you. If you make such a request, our firm shall retain only the amount of personal data concerning you (if any) that is necessary to ensure that the personal data in question is not processed further. Please note that if the data is used in relation to your instructions to us then we may no longer be able to perform those instructions and may need to cease acting for you.

 

  • the right to object to us using your personal data. Where you object to us processing your personal data based on the basis of legitimate interests, we will cease such processing immediately, unless it can be demonstrated that our legitimate grounds for such processing override your interests, rights, and freedoms, or that the processing is necessary for the conduct of legal claims.