This Privacy Statement describes how we as controllers of your data, collect, use and look your personal data, the lawful basis for processing it and your rights.
To assist you further in understanding this Privacy Statement, we have included a glossary of terms used and the lawful basis upon which we may process data at the end of this Privacy Statement.
Data Protection Contact
We have appointed a data privacy manager (DPM) and if you have any questions about your privacy or how we handle you data, or would like to exercise any of your rights, please contact our DPM in writing either by sending an email to privacy@myerson.co.uk or a letter addressed to the Data Protection Manager, Myerson Solicitors LLP, Grosvenor House, 20 Barrington Road, Altrincham, Cheshire, WA14 1HB.
You have the right to make a complaint at any time to the ICO. However, we would appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Personal information we collect about you
Depending on the nature of our relationship or potential relationship with you, we may collect, store and use the following types of personal information:
- personal contact details such as name, maiden name, title, email addresses, home address and previous address and telephone numbers and identification documents (such as driving licences, passport and utility bills), that allows us to contact you directly and comply with our legal obligations when contracting with you;
- date of birth, marital status;
- records of your interactions with us such as telephone conversations, emails and other correspondence and your instructions to us;
- any credit/debit card and other payment details you provide so that we can receive payments from you and details of the financial transactions with you;
- records of your appointments (such as directorships, shareholdings etc);
- credit history which we may obtain from third parties as part of our due diligence and vetting before we contract with you;
- records of your attendance at any events hosted by us and your marketing preferences so that we know whether and how we should contact you;
- such other personal information that you provide to us as part of our contract with you for the purpose of us providing legal services to you, or, you providing goods and/or services to us (or our clients);
We also collect, use and share aggregated data. However, if we combine aggregated data with your personal data so that it can directly or indirectly identify you, we will treat this as your personal data.
Special categories of personal information
If you are a client or prospective client, we may also collect, store and use the following “special categories” of more sensitive personal information regarding you:
- information about your race or ethnicity, religious beliefs and sexual orientation; and
- information about your health, including any medical condition, health and sickness records, medical records and health professional information.
Collection of these special categories of personal data will depend on the nature of the legal advice you require. We will only process special categories of personal data where:
- it is necessary for the establishment, exercise or defence of legal claims; or
- we have your explicit consent. By instructing us to act on your behalf, you are giving your consent for us to process such information to the extent it is necessary in order to provide our services to you. You do not have to provide such information, but we may not be able to advise you fully if we do not have all of the information we require.
Failure to provide personal data
If we are required by law, or under the terms of our contract with you, to collect your personal data and you fail to provide it, we may not be able to enter into or perform our contract with you and (where you are a client), we may have to cease acting for you. We will notify you of this at the relevant time.
How we collect your personal data
We collect personal data in a variety of ways including the following:
- directly from you when you call or attend our office, make an enquiry with us, use our website or otherwise correspond with us;
- from publicly available sources such as Companies House, the ICO and the UK intellectual Property Office;
- third parties and search engines such as bankruptcy search providers, credit reference and money laundering agencies, solicitors, accountants, expert witnesses and other third parties that we have arrangements in place with.
If you are providing us with details about other people including children, next of kin, beneficiaries or family members, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share their information. Therefore, please share this Privacy Statement with them where you feel they are sufficiently mature to understand it. Such individuals have the same rights as you and these are set out below.
How we use your personal data
We will only use your personal data when the law allows us to and we have set out below examples of how we use your personal data, what personal data we use and the lawful basis for doing so.
We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your information.
Marketing
We will only send marketing communications (whether by post or email) to you where you have (i) signed up to our mailing list; (ii) signed up to our newsletters; (iii) instructed us to provide legal services and you have not opted out of receiving such communications; or (iv) given your consent otherwise. We may also send you invites to our events. Please let us know if you do not wish to be included in our event mailing list. You can withdraw your consent at any time by clicking the unsubscribe button in the particular email or by contacting us.
We will not share your personal data with third parties for their marketing purposes.
Change of purpose
We will only use your personal data for the purpose that we originally collected it for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to use your personal data in this manner.
We may process your personal data (without your knowledge or consent) where this is required or permitted by law.
Sharing your personal data
We may need to share your personal data with third parties in order to provide our services to you, to receive goods or services from you or as necessary for our legitimate interests. Such third parties include;
- The Courts, Counsel, Solicitors, Experts, Quantity Surveyors, Insolvency Practitioners and Accountants;
- Companies House, the ICO and HM Revenue and Customs;
- Bankruptcy search providers, Credit Reference and Money Laundering Agencies and other search providers; and
- Our service providers acting as processors, including IT (hardware and software) and Telecommunication, support service providers in order to operate and maintain our IT and Telecommunications systems and software.
Where we engage third parties to process data or our behalf, we will ensure wherever possible by entering into appropriate agreements with such third parties, that they take such measures to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only allow them to process your personal data for specified purposes and in accordance with our instructions.
International transfers
Some of our external third parties providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA. We will only transfer your data outside of the EEA where we have your explicit consent.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring they are of reputable standing and committed to protecting your privacy and we require at leastone of the following safeguards to be implemented:
- the country has deemed to provide an adequate level of protection for personal data by the European Commission or your data has been transferred to;
- specific contracts approved by the European Commission are in place with the service provider which give personal data the same protection it has in Europe; or
- the transfer is to a US based service providers under the Privacy Shield.
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. However, we may be legally required to keep certain information (including contact, identity, financial and transaction data) for up to six years.
We may also anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. We can use anonymised information indefinitely without further notice to you.
Your legal rights
Under data protection law, you have certain legal rights in certain circumstances. If you wish to exercise any of your rights, please contact us. You will not have to pay a fee to exercise any of your rights. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee for this information or refuse to comply with your request.
We may request specific information from you to help us confirm your identity when you contact us. This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the following legal rights in relation to your personal data:
Lawful basis for processing and processing activities
The lawful basis upon which we may rely on to process your personal data are:
Glossary