Kitson & Trotman LLP takes your privacy very seriously and is committed to collecting only the minimum information necessary and processing1 it securely. We want you to know and be in control of how and why your personal information is used by us. If you have any queries or would like further information just ask. Please note we are not responsible for any third parties with whom your data is shared. You should receive a similar privacy notice from them which will tell you how they handle your data.
This particular Privacy Notice tells you this information, in general terms, when we communicate about the possibility of providing services or products to us under contract or for the actual provision of them. It also tells you your Data Protection Rights and how you can exercise them.
As well as collecting personal information from you, we may receive information about you direct from another party too. In such cases, and where it is lawful, appropriate, practicable, and proportionate to do so, we will make you aware that such information has been provided and give you the relevant details including the source. If you provide us with personal information about another person, in some cases, we may have to tell them we hold this information, and provide them with a Privacy Notice too. Please let us know, at the time, if informing them in this way is likely to cause you any problems or difficulties.
If you want more specific information about how your personal data has been processed including with whom it has been shared, then please let us know using the contact details below. Our full privacy notice will be on our website which can be found at https://kitsonandtrotman.co.uk or https://ktlaw.co.uk.
1: 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. Our Contact Details for Data Protection Matters
Kitson & Trotman is the Controller, under data protection law, for all the personal information about you that it processes, unless otherwise stated. Data protection and privacy matters are handled by our Compliance Officer for Legal Practice (COLP) who can be contacted in the following ways:
- By post at our Beaminster office:
- By telephone on 01308 862313;
- By e-mail at email@example.com;
- Using the website form on https://kitsonandtrotman.co.uk/ or https://ktlaw.co.uk
2. What Personal Information We Collect and Why
|Type of personal information obtained||Reason for collection||Legal basis for collecting||Why it may be shared||Comment|
|Your name and address and contact details||
To be able to: -
Details shared, as necessary for the effective management of our business and contractual relationship with you, such as to our clients or other service providers who need to know who you are as part of the service or product you provide.
This is both in relation to the business (where sole trader or partnership or the direct contact where it is a company as well as the details of specific staff with whom we will have contact during the contractual relationship (and perhaps afterwards).
|Financial information such as bank details and also, where appropriate financial information so we can assess your financial viability where such is relevant to the decision whether to use your services||Necessary to allow secure payments from/to you, to identify payments/receipts in our records; for audit purposes; to carry out required checks and screening for financial reasons and other sanctions or embargoes;||
||For the effective management of our business and relationship with you or required by law, such as our bankers and administrative staff or other service providers.||The degree of information required will depend upon the value of the contract; the past experience of using the service provider and any other matter where a higher level of checks are considered sensible|
Details of the services or products provided (where this amounts to personal information) e.g. we may require evidence of qualifications of individuals or may only accept named individuals
Necessary so we can check the provision of services or products meets our business needs and any legal requirements.
In some services where the basis is an on-going personal relationship with our staff, such a support desk for IT, it will be important that staff know with whom they are dealing and can build a positive relationship.
|As above||As necessary within the firm to monitor delivery of the services (and deal with issues in performance); to make payments; to deal with issues and in the provision of references to others||The records held will usually be minimal and likely to amount to names, email addresses and perhaps location however the nature of the contract will determine the extent of the information held|
|Other personal information not listed above but relevant to the services or products provided||The reasons will be explained at the time if necessary providing it is lawful and reasonable to do so||As above but may also be another legal basis which would be provided at the time if it is lawful to do so||As above||To complete Form E and Form D81 and generally deal with the Family Procedure Rules relevant to your case|
|Other personal information not listed above but relevant to your case||The reasons will be explained at the time if necessary providing it is lawful and reasonable to do so||As above, but may also be another legal basis which would be provided at the time if it is lawful to do so||As above but may also be shared with someone outside the list provided below where necessary and appropriate. Details to be provided at the time if it is lawful to do so|
We will tell you if providing some personal data is optional including if we need your consent to use it. Where the legal basis for processing your personal information is, solely, your consent then you may withdraw that consent at any time by letting us know. Where providing personal information is a statutory or contractual requirement, or essential to progress the matter in hand, then, we will explain the consequence of failing to provide the information requested, so you can make an informed decision. Please note that any actions we may have taken before your consent was withdrawn will remain valid.
We will not use sensitive personal information which is classed as Special Category Data such as information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, any trade union membership, health or sex life or sexual orientation unless it is lawful to do so and necessary to the matter with which we are dealing. We do not expect this type of information to be required as part of our service provision relationship but, if it is, we will make you aware of this fact and the legal basis for its use e.g. for our equality and diversity monitoring.
2: Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or the client computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.
3. Sharing your personal data
Your information may be shared, internally, as necessary, so we can manage the matter in question efficiently and for our own legitimate business purposes. We will never sell your personal data to a third party but it is often necessary to disclose your personal data to others, such as other professional, regulatory or statutory bodies, when we:
- have to meet our legal obligations or maintain the professional standards for our services; and/or
- wish to address our legitimate business interests or those of another party.
Where we use another service provider to provide services to us, such as IT or internet providers, and that involves the processing of your personal data, we take reasonable steps to ensure that such data is processed in line with the relevant law; and, where necessary, is subject to a legal agreement containing suitable security measures.
The list below should not be seen as definitive but will give a flavour of the sharing that normally occurs for the provision of services or products:
- Employees of the firm including temporary staff, casual staff, locums, trainees, work experience placements etc;
- Other service providers whose service may have some involvement with your firm/business/organisation e.g. our bank in making payments to you or our auditors in checking records;
- Regulatory bodies or assessors who may check records as part of their role in ensuring our competence and that we meet the requisite quality standard;
- The police and other law enforcement agencies where necessary to combat fraud and other crimes;
4. Overseas Transfers
In the normal course of business, we do not transfer your personal data overseas unless it is at your request; it is necessary to carry out your instructions; for any legal reasons such as a court order; to combat crime etc.; or where the internet or other IT service provider such as Microsoft is based or stores information overseas. We take reasonable care to ensure that such transfers are secure and that there are adequate safeguards in place to protect your rights and freedoms, where possible, such as contracts with service providers based overseas.
Our computer backups are stored ‘in the cloud’ which is based in the European Economic Area (EEA) and conforms to the required security standards or otherwise meets EU adequacy requirements.
Where we become aware that any information has been or is to be transferred overseas, other than as is set out above, we will inform you and give you more details of the security measures in place to protect it, provided it is lawful and proportionate to do so.
5. Retention of your Personal Data
We will retain your personal data while you are providing services or products to us, for the fulfilment of the contract we have with you and for the effective management of our relationship and our business.
Once our business relationship with you ends, we will retain it for 6 years after the closure of your file. We may, then, destroy, securely, such personal information. We may be required, or wish, to keep your personal data for a longer period such as in the event of legal proceedings or claims.
6. Your Data Protection Rights
Your rights in law are listed below. Please let us know - see section 1 above - if you want more information or if you wish to exercise any of your rights. Please note that not all the rights apply in all circumstances.
- The right to be informed about how we process your personal data;
- The right to have your personal data corrected if its inaccurate or completed if it is incomplete;
- The right to request access to your personal data and information about how we process it;
- The right to object to our processing of your data;
- The right to restrict how we process your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to move, copy or transfer your personal information electronically where possible (“data portability”;
- Rights in relation to automated decision-making including profiling. N.B We do not use automated decision making nor do we profile our clients so this right will not be applicable;
- The right to lodge a complaint with the Information Commissioner who can investigate and deal with failures to follow the law’s requirements.
Please see the UK Information Commissioner’s Office website at www.ico.org.uk for more details. We do hope if you are unhappy about our service that you will let us know first so we have a chance to investigate and put things right.
If you are an existing service provider we may contact you about products, services or special events we think might be of interest to you. Please let us know if you would rather not receive such information or if you wish to express a preference as to the type of information we send or how it is sent by contacting us as shown above in Section 1.
If you register with us through our website or become a new provider, then, at that point, we will invite you to ‘opt into’ such marketing and ask you about your preferences and let you know the choices available. You can change your mind at any point by just letting us know and we will make the change as soon as possible; or if you change your mind at a later date just follow the same procedure to let us know.
8. How we protect your information
We use reasonable and proportionate measures to safeguard your personal information such as raising staff awareness to the risks of holding data/information and encryption of the information where appropriate. You should be aware, however, that the use of the Internet such as via email or a website, is not secure and, for this reason, although we take reasonable steps to protect the information we send you, we cannot guarantee its security. Any information you choose to send to us via the Internet is at your own risk.
In addition, we have no control over the privacy practices of any of the persons, companies or bodies etc. with whom it is necessary to share your information. We will take reasonable steps, however, to ensure any transfer of data from us is reasonably secure.
In line with good practice, we back up the data that we hold electronically, to prevent its inadvertent loss such asthrough a power outage during thunder storms. The store is ‘in the cloud’ however the ‘cloud’ is based in the European Economic Area (EEA) and conforms to the required security standards or otherwise meets EU adequacy requirements.
9. Complaints about how we handle your information
If you are unhappy about any other aspect of our service, please let us know. If you believe that we have breached your privacy rights, please tell us contacting Compliance Officer using the details set out in section 1 above.
If you are not happy with our response, or you want to contact the Information Commissioner’s Office, which regulates and enforces data protection and privacy law in the UK, you can find details about how to do this at www.ico.org.uk.
10. Changes to this privacy notice
We will amend this privacy notice from time to time to make sure it is up to date and accurately reflects how and why we use your personal information. Please let us know if you have any queries or spot any mistakes.