Privacy Policy

This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.

For clients of this firm, you should read this notice alongside our general terms and conditions which provide further information on confidentiality, data privacy etc.

This notice does not apply to any websites that may have a link to ours.

Who we are

Data is collected, processed and stored by Temple Heelis D.R. Ltd (Company Number 7762930, Registered Office 1 Kent View, Kendal, Cumbria, LA9 4DZ); and we are what is known as the ‘data controller’ of the personal information you provide to us.

What we need

The exact information we will request from you will depend on what you have asked us to do or what we are contracted to do for you. This notice is intended for clients and prospective clients only. We will comply with all applicable Data Protection Legislation including the General Data Protection Regulations (GDPR) and any UK implementing legislation.

There are two types of personal data (personal information) that you may provide to us:

  • Personal data: is the general information that you supply about yourself – such as your name, address, gender, date of birth & contact details.
  • Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, health or criminal convictions.

In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks. However some of the work we do may require us to ask for more sensitive information, such as a personal injury claim.

Sources of information

 Information about you may be obtained from a number of sources; including:

  • You may volunteer the information about yourself
  • Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these organisations can be:
    • Banks or building societies
    • Panel providers who allocate legal work to law firms
    • Organisations that have referred work to us
    • Medical or financial institutions – who provide your personal records / information

Why we need it

 The primary reason for asking you to provide us with your personal data, is to allow us to carry out your instructions – which will ordinarily be to represent you and carry out your legal work.

The following are some examples, although not exhaustive, of what we may use your information for:

  • Verifying your identity
  • Verifying source of funds
  • Communicating with you
  • To establish funding of your matter or transaction
  • Obtaining insurance policies on your behalf
  • Processing your legal transaction including:
    • Providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions
  • Keeping financial records of your transactions and the transactions we make on your behalf
  • Seeking advice from third parties; such as legal and non-legal experts
  • Responding to any complaint or allegation of negligence against us

Verification of your ID and Source of Funds

 We will require data from you to verify your identification, and, in some cases, to verify the source of funds (for example, for a transaction).

In some cases, it will be sufficient to supply identification verification documents to us directly, but in many cases we will use the services of a third party to conduct appropriate checks.

 Who has access to it

We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

Generally, (aside from any information we have shared with the third party carrying out ID verification) we will only use your information within Temple Heelis Solicitors. However, there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:

  • HM Revenue & Customs; e.g. for Stamp Duty Liability
  • Court or Tribunal
  • HM Land Registry to register a property
  • Providers of identity verification
  • Contracted Suppliers
  • Asking an independent Barrister or Counsel for advice; or to represent you
  • Non legal experts to obtain advice or assistance
  • Translation Agencies
  • Solicitors acting on the other side
  • External auditors or our Regulator; e.g. Lexcel, SRA, ICO etc.
  • Bank or Building Society; or other financial institutions
  • Insurance Companies
  • Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
  • If there is an emergency and we think you or others are at risk

In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.

There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.

How do we protect your personal data

We recognise that your information is valuable and we will take all reasonable measures to protect it whilst it is in our care.

We have tried and tested standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.

We use computer safeguards such as firewalls, and we enforce, where possible, physical access controls to our buildings and files to keep data safe.

How long will we keep it for

 Your personal information will be retained, usually in computer and/or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us.

Our general policy is not to destroy files or delete data until the expiry of 16 years from the date your file is archived.  The period may be longer in certain circumstances which include:-

  • A probate file with a will trust likely to last more than 16 years into the future.
  • The settlement of a claim on behalf of a person under a disability where full capacity will not be achieved within 16 years.
  • A claim where provisional damages have been awarded with the right for the client to return to the Court for further damages at a date more than 16 years into the future.
  • Wills and probate/administration files are not to be destroyed and data is not to be deleted at all without specific partner approval.

If you provide us with personal information as a prospective client, but do not then instruct us and we do not open a file for you , we will retain the information in manual form only for a period of no more than 2 months from the date we received the same from you.

 What are your rights?

 Under GDPR, you are entitled to access your personal data (otherwise known as a ‘right to access’). If you wish to make a request, please do so in writing addressed to our Data Protection Manager Col Shaw, email: privacy@templeheelis.co.uk, telephone number 01539 723757; or contact the person dealing with your matter.

A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc.- but it does not mean you are entitled to the documents that contain this data.

Under certain circumstances, in addition to the entitlement to ‘access your data’, you have the following rights:

  1. The right to be informed: which is fulfilled by way of this privacy notice and our transparent explanation as to how we use your personal data

 

  1. The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete

 

  1. The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
  • Where the personal data is no longer necessary in regards to the purpose for which it was originally collected
  • Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
  • Where you object to the processing and there is no overriding legitimate interest for continuing the processing
  • The personal data was unlawfully processed
  • Where you object to the processing for direct marketing purposes
  1. The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right only applies in the following circumstances:
  • An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context
  • You must have an objection on grounds relating to your particular situation
  • We must stop processing your personal data unless:
    • We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
    • The processing is for the establishment, exercise or defence of legal claims.
  1. The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
  • Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data
  • Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
  • Where processing is unlawful and you request restriction
  • If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim

Complaints about the use of personal data

 If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Manager who will investigate further. Our Data Protection Manager is Col Shaw and you can contact them at privacy@templeheelis.co.uk.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).

Marketing data

 We may contact you for the purpose of direct marketing. This means that we may use your personal data that we have collected in accordance with this privacy policy to contact you about our products or services, events etc. which we feel may interest you. The direct marketing communications may be provided to you by social media channels, email or post. We will never pass on or sell your details to a third party.

How we collect personal data

 The following are examples, although not exhaustive, of how we collect your personal information:

  • Sign-up to receive one of our newsletters
  • Submitting an online enquiry
  • Following/liking/subscribing to our social media channels
  • Take part in one of the competitions or promotions we run on the website or on our social media channels
  • Agree to fill in a questionnaire or survey on our website
  • Ask us a question or submit any queries or concerns you have via email or on social media channels
  • Post information to the our website or social media channels, for example when we offer the option for you to comment on, or join, discussions

Whenever we collect your personal data, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to this will have no effect on accessing our legal services.

How we may use your details

 The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:

  • fraud prevention
  • direct marketing
  • network and information systems security
  • data /analytics /enhancing, modifying or improving our services
  • identifying usage trends
  • determining the effectiveness of promotional campaigns and advertising.

We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers.

Your rights

You have the right to object to any part of this processing. Should you wish to do so please email privacy@templeheelis.co.uk.

How we protect your personal information

We will only ever use non sensitive personal information to target individuals with marketing materials; such as name, address, telephone, email, job description and previous buying behaviours. Sensitive information or specific details will never be used to target marketing communications. We may use personalisation to collect analytics to inform marketing and produce relevant content for the marketing strategy to enable it to enhance and personalise the “consumer experience”.

If you do not wish us to continue to contact you in this way, you can either follow the unsubscribe instructions on any of our communications to you or contact us by emailing privacy@templeheelis.co.uk with your name and email address. Your details will be removed immediately. Once unsubscribed, you may still receive transactional emails from us regarding your legal case.

Any questions regarding this notice and our privacy practices should be sent by email to privacy@templeheelis.co.uk.

Temple Heelis is the trading name of Temple Heelis D.R. Limited a limited company registered in England and Wales with Registration No. 7762930. Authorised and regulated by the Solicitors Regulation Authority, SRA Number 618632.  Vat No. 983 5809 70.