We also will process data given to us by our clients under their instruction in the course of providing services to them. When we do this, we are a data processor, which accounts for most of our processing activity.
Information collected by us
We may collect personal data about you as follows:
• Your name and contact details (including your address, email and phone numbers);;
• Personal information that may be included in communications with us;
• Information you provide to us under your instruction in the course of providing services to you;
• Details of services that we provide to or receive from you, or that we are arranging to provide or receive from you;
• Payment information and financial information that relates to our relationship including bank details, bank account
• Personal information given to us in relation to working at Dixon Rigby Keogh such as your CV, answers to any tests or assessments, education, training, employment history and information given in interview and meetings we may have with you.
You may also give us information that is classifies as ‘special categories’ under GDPR however we do not routinely do this. We will explain this to you if we need to start processing this type of data, or if we are acting as a Data Processor then the Data Controller will explain this to you.
Information Collected From Other Sources
We may also collect the same categories of information from third parties such as:
• Your employer or authorised individuals in a business you work for or own;
• Public bodies such as the SRA, Companies House and the Law Society;
• Recruitment companies and public CV publishing companies and websites;
• Information on public record, including professional networking sites;
• Suppliers of goods or services;
• Accountants and other professional advisers;
• Our clients.
Even if we have not had direct contact with you and are processing data given to us by a third party for a purpose and with a legal basis outlined below, the contents of this privacy notice will still be in effect. We look after all personal data in the same way, regardless of where it has come from and whether we are acting as a data controller or a data processor.
How We Use Your Personal Information
We use your personal information for the following purposes:
• To arrange the provision of legal services;
• To comply with our legal responsibilities to regulatory bodies;
• To promote and market the services of Dixon Rigby Keogh;
• To manage matters relating to our payroll and employment, including our legal responsibilities as an employer and our obligations to HMRC;
• To engage with individuals who want to work at Dixon Rigby Keogh;
• To engage with partners that supply us with good and services;
• To manage any queries or complaints you have about the services you receive;
• To train and develop our staff at Dixon Rigby Keogh;
• To monitor the quality of service we deliver to you, and ensure it meets your expectations;
• To comply with legal obligations to act in the public interest and uphold the rule of law.
Legal Reasons We Collect And Use Your Personal Information
We have a legal basis for all the data we process. We rely on a different legal basis depending on the data we are processing and the reason we are processing it. We rely on the following legal basis in these circumstances:
In some cases you will give us consent to use your information in a certain way. If you have given us consent to use your data in a certain way, and we have no other legal basis for doing so, we will rely on your consent. The activities where we rely on your consent are:
Sending you marketing information including offers and information about our services.
Processing job applications. You can withdraw consent at any time however please be aware we will be unable to process your application if you do so.
You always have the right to withdraw your consent at any time. If you wish to withdraw your consent then please contact us using any of the details below (‘Get in touch’).
We will rely on our legal obligations to process information for the following purposes:
Complying with our responsibilities to regulators and under applicable legislation. Complying with our legal obligations as an employer.
Complying with obligations to HMRC regarding records keeping of our financial activity, including information relating to transactions, billing and payments.
Defending a legal claim or upholding the rule of law.
PERFORMANCE OF A LEGAL CONTRACT
We will process information that relates to the services we are providing you with, or receiving from you, that are bound by our engagement with you (legal contract). The areas where we are processing data to enter into, or fulfil a legal contract are:
Delivering services to you under contract and keeping you updated with changes or information relating to those services.
When we are processing information from you to arrange a contract between us, such as when you give us your details to enter into an agreement for services with us.
Performance of any legal contract as a supplier or customer.
We may rely on a legitimate interest to process information. When we do this we will have assessed our legitimate interest to consider the rights and freedoms of the data subject.
We rely on legitimate interest to train our staff so that they can provide an exceptional service to all of our clients. There may be scenarios relating to their engagement with you which we review with them as part of training and development.
We rely on legitimate interests in some cases to invite you to certain events such as webinars and seminars. Our legitimate interest is to provide information to our clients and contacts that will support their use of our services and that could be of benefit to them.
WHO WILL WE SHARE YOUR PERSONAL INFORMATION WITH?
We take client confidentiality very serious and will not share any information entered into any of our software or platforms unless required to do so by law. Other information we process we may share with:
• Professional advisers, advisers and consultants that help us to manage Dixon Rigby Keogh and achieve our objectives as a business;
• 3rd parties we are working on your matter in conjunction with including experts, barristers, banks, building societies, mortgage lenders, estate agents etc.,
• Training agencies that help us to develop our staff and services;
• Our accountants and solicitors that are engaged by us to provide services required by law, such as filing financial information with HMRC;
• We may use data processors, such as software providers, in the course of running the business including CRM providers, email communication platforms, social media platforms and help desk management systems;
• We will use 3rd party hosting providers to provision and host our software and platforms;
• Storage and archiving providers to ensure your information is protected securely and backed up.
Any partners, suppliers or third parties we share data with will be bound by strict agreements that meet the requirements of GDPR, and will be monitored for performance with those agreements.
We will share personal information with official bodies if required by law including the SRA, ICO, the police, law enforcement and intelligence agencies.
HOW LONG WILL WE STORE YOUR PERSONAL DATA?
We will only keep your information for as long as necessary to complete the purposes we have described above. We use the following retention periods and review these periodically to make sure we are only keeping what we need (If information can be kept for two different periods, we will keep it for the longer of those two periods):
• Client information – We will keep information about you as our client for a period of 6 years after our contract with you ends unless we have another legal basis to process that information;
• Advice – We will keep any information relating to client advice we have given for a period of 6 years after the date of the advice, or for any limitation period plus 1 year, whichever is longer;
• Financial Transactions – Information about you and any financial transactions, including fees paid and payments for services, we will keep for a period of 7 years to comply with HMRC requirements to keep accurate records that can be audited;
• Contact information – Information used in marketing with your consent or to pursue a legitimate interest will be kept for 30 days once you have withdrawn your consent.
Under the GDPR, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
• Transparency over how we use your personal data and fair processing of your information (which includes the right to be given the information in this notice)
• Access to your personal information and other supplementary information;
• Require us to correct any mistakes or complete missing information we hold on you;
• Require us to erase your personal information in certain circumstances;
• Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
• Object at any time to processing of your personal information for direct marketing;
• Object in certain other situations to the continued processing of your personal information;
• Restrict our processing of your personal information in certain circumstances;
• Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way;
If you want more information about your rights under the GDPR please see the Guidance from the Information Commissioners Office on Individual’s rights under the GDPR.
If you want to exercise any of these rights, please contact us (see ‘get in touch’ for contact details) and let us know who you are and what right you want to exercise. We may need to ask for additional information regarding your identity, and we may also need some information from you on specific categories of data, types of processing activities or periods of processing activities that you wish to focus your request around.
We will respond to you no later than one month from when we receive your request.
HOW TO MAKE A COMPLAINT
If something does go wrong or you are in anyway unhappy with how we have treated your data then please do not hesitate to contact us
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The UK supervisory authority is the Information Commissioner’s Office who can be contacted at https://ico.org.uk/concerns/.
CHANGES TO THIS PRIVACY NOTICE
This privacy was published in May 2018. It is due for review no later than May 2019. We regularly review our internal privacy practices and may change this policy from time to time. When we do we will inform you by updating our website and telling you in any documentation or messages we send you.
GET IN TOUCH
If you have any questions about this privacy notice or the information we hold about you, please contact us and let us know it is in relation to your data. We will make sure you speak to the right person:
By Post: By Email: Phone:
Dixon Rigby Keogh, 32 High Street, Northwich, Cheshire, CW9 5BL email@example.com