Privacy Policy

GOODALL BARNETT JAMES

PRIVACY NOTICE

We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:
• who we are,
• how and why we collect, store, use and share personal information,
• how you can get access to a copy of your personal data,
• and what you can do if you think the standards are not being met,

Who we are
GOODALL BARNETT JAMES (‘we’ or ‘us’) collect, use and are responsible for certain personal information about you. When we do so we are regulated under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws. We only collect this data to represent you in Criminal proceedings.

What information we collect
We collect and process personal data about you. Personal data, is information about you as an individual:
Individual details: name, address (including proof of address), other contact details (such as email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and family details including their relationship to you;
Identification details: Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number or driving licence number;
Financial information: Bank account or payment card details, mortgage details, income or other financial information;
Contractual data: Details about the services we provide to you and how you use our services, or details about any potential conflicts of interest;
Special categories of personal data: Certain categories of personal data which have additional protection under the GDPR. The categories are physical or mental health condition, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation. We will usually not ask you to provide special categories of personal data unless this is needed to advise you or deal with your case. If we request such information, we will explain why we are requesting it and how we intend to use it. Your consent will be necessary and you may withdraw your consent at any time. However, if you withdraw your consent, this may impact our ability to provide you with legal services;
Transaction Data: Details about payments to and from your accounts with us, how you use our services, and any claims you make;

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate information about how you use our services to calculate the percentage of clients utilising a particular service we offer. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.

Where we might collect your personal data from:
We might collect your personal data from various sources, including you (by completing forms with us), your family members, employer or the police by way of disclosure or accessing your police custody record. Which of these sources apply will depend on your particular circumstances, but most of the time the information will come from you,
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Why do we need this information about you and how will we use it
We may use your personal information for the following purposes:
• The provision of legal services, including setting you up as a client (along with possible fraud, sanctions, bankruptcy and anti-money laundering checks), client care, including communicating with you and sending you updates and documents, filling out forms and documents as necessary for your case.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Legitimate interest means the interest of our business in conducting and managing our business. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Who your information might be shared with
We may disclose your personal data to The Solicitors Regulation Authority, The Legal Ombudsman, The Law Society, The National Crime Agency, HMRC, our insurers, our accountants, medical organisations (if for example we need a report), and to other external organisations and firms who may conduct audit or quality inspections on our practice and our client services or provide services to us, and who are required to maintain confidentiality in relation to our files. We will share personal information with law enforcement or other authorities if required by applicable law. We will not share your personal information with any other third party unless necessary for your case or transaction and with your consent (for example if we need to instruct a barrister or an expert).

How long your personal data will be kept
We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to re-open a case, appeal etc, or where we are required to keep your personal data due to legal or regulatory reasons.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such personal information without further notice to you.

Reasons we can collect and use your personal informationWe are allowed to use personal information only if we have a proper reason to do so. You will find below a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so.
When we have a business or commercial reason of our own to use your information, this is called a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests.

Reasons we can collect and use your personal information
We are allowed to use personal information only if we have a proper reason to do so. You will find below a list of all the ways that we may use your personal information, and which of the reasons we rely on to do so.
When we have a business or commercial reason of our own to use your information, this is called a ‘legitimate interest’. We will tell you what that is, if we are going to rely on it as the reason for using your data. Even then, it must not unfairly go against your interests.

 

What we use your personal information for Lawful Basis for Processing

including Basis of Legitimate Interest

Our Legitimate Interest
To register you as a new client (including performing anti-money laundering and bankruptcy checks), provide legal services to you and manage the relationship between us in relation to the provision of those services (a)         Performance of a contract with you

(b)         Necessary to comply with a legal obligation

(c)         Necessary for our legitimate interest

(a)     To perform conflict of interest checks

(b)     To be efficient about how we fulfil our legal and contractual duties

(c)     To maintain a client database to grow our business

To manage our relationship with you generally which will include:

(a)         notifying you about changes to our terms or privacy policy

(b)         asking you to leave a review or take a survey

(c)         developing and carrying out marketing activities

(d)         studying how our clients use our services

 

(a)     Performance of a contract with you

(b)         Necessary to comply with a legal obligation

(c)         Necessary for our legitimate interest

(a)     To keep our records updated

(b)     To study how clients feel about our services (Client care)

(c)     To develop and improve our services and grow our business

(d)     Complying with rules and guidance from regulators

To make suggestions and recommendations to you about services that may be of interest to you (a) Necessary for our legitimate interest (a) To develop our services and grow our business
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, adding and testing systems and processes, managing communications, corporate

governance, and audit

(a)     Necessary for our legitimate interest

(b)     Necessary to comply with a legal obligation

(a)     To improve the way our business works

(b)     To develop our services and assess the fees we charge

To exercise our rights set out in agreements or contracts (including: managing payments and charges, collecting and recovering money owed to us) (a)       Performance of a contract with you

(b)       Necessary for our legitimate interest

(a) To   recover debts due to us
To keep internal records (a)     Performance of a contract with you

(b)     Necessary for our legitimate interest

(c)     Necessary to comply with a legal obligation

(a)     To keep our records updated

(b)     To study how our clients use our services

(c)     To defend ourselves in the event of a claim or complaint

Governance and compliance:

(a)             To detect, investigate, report, and seek to prevent financial crime

(b)             To manage risk for us and our clients

(c)             To obey laws and regulations that apply to us

(d)             To respond to complaints and seek to resolve them

(a)       Performance of a contract with you

(b)         Necessary to comply with a legal obligation

(c)         Necessary for our legitimate interest

 

 

 

 

 

(a) Developing and improving how we deal with financial

crime, as well as doing our legal duties in this respect

(b)     Complying with rules and guidance from regulators

(c)     Being efficient about how we fulfil our legal and contractual duties

To defend ourselves in the event of a claim or complaint

To provide information to agents or contractors so that they can assist us with providing our services, comply with our legal obligations, or run our business (a)     Performance of a contract with you

(b)         Necessary to comply

with a legal obligation

(c)     Necessary for our legitimate interest

a) Running our business, providing IT and administration services, network security

 

If we process any special categories of personal data, we will only do so under one of the following legal grounds:

 

Substantial public interest (a)Using criminal records data to help prevent, detect, and prosecute unlawful acts and fraudulent behaviour
Responding to regulatory requirements (a)     Showing whether we have assessed your situation in the right way

(b)     Passing information to the regulator as needed to allow investigation into whether we have acted in the right way

Legal claims (a) Using any special categories of data as needed to establish, exercise or defend legal claims
Consent (a) Telling you that we need your consent to process special categories of personal data, when that is what we rely on for doing so

Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Keeping your data secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
While we will use all reasonable efforts to safeguard your personal data, the use of post or emails and the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us (see ‘How can you contact us?’ below).
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

Will your personal information be transferred to other countries?
We may need to share personal information with third parties in both the UK and internationally for a variety of reasons. We require third parties to respect the security of your personal information and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
We may transfer the personal information we collect about you to countries outside the EU in order to process your personal information on one of the grounds listed above. It is possible that the European Commission will have deemed such countries adequate. This means we can transfer your personal information to those countries as they will provide an adequate level of protection for your personal information.
However, not all countries to which we may transfer your personal information will be deemed adequate by the European Commission. To ensure that your personal information does receive an adequate level of protection we will put in place standard contractual clauses approved by the European Commission with those third parties wherever necessary. This ensures that your personal information is treated in a way that is consistent with and which respects the applicable laws on data protection.
What happens if you choose not to provide us with personal information or are unable to provide us with personal information?
If you fail to provide certain personal information when requested, we may not be able to perform the agreement we have entered into with you, or we may be prevented from complying with our legal obligations.

What rights do you have?
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please see the “How to Contact Us” section and let us have enough information to identify you:
1. contact our Data Protection Manager (see “How to Contact Us”);
2. let us have enough information to identify you (for example your name and what services we provided to you or when);
3. let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
4. let us know the information to which your request relates, including any reference number if you have this.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that
personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

How to complain
We hope that our Data Protection Manager can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance.

Changes to this privacy notice
This privacy notice was last updated on 26 May 2018. We may change this privacy notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

How to contact us
Please contact our Data Protection Manager, KIM GOODALL, if you have any questions about this Privacy Notice or the information we hold about you, or if you would like this notice in a larger print. If you wish to contact us, please write to us at GOODALL BARNETT JAMES, 59 LONDON ROAD ST LEONARDS ON SEA, TN39 6AY or email us at hastings@gbj-crime.co.uk