Child & Child is the trading name for Allium Law Limited, a limited liability company No 07617921, regulated by the Solicitors Regulation Authority under SRA number 562710.
In accordance with The General Data Protection Regulation 2018, (GDPR), Child & Child is registered as a ‘Data Controller’ on the public Register of Data Controllers as maintained by the Information Commissioner Office (ICO).
What information will we collect from you?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
In order to ensure that the data we collect from you is being processed lawfully and fairly in accordance with the GDPR, we will only collect information from you that is relevant to the matter that we are instructed with. For example, by retaining us in a matter you are authorising us to process your personal data upon a contractual basis. In particular, whilst acting for you we may collect the following information which is defined as ‘personal data’: Personal details, such as family, lifestyle and social circumstances, financial details and business activities of the person whose details we are processing.
We may also collect information that is referred to as being in a ‘special category’. This could include: Physical or mental health details, racial or ethnic origin, religious beliefs or other beliefs of a similar nature, biometric data, criminal convictions & sexual orientation. You authorise us to process this data on the basis that it is necessary for the establishment, exercise or defence, or legal claims under a contract.
How will your information be used?
Much depends on the purpose of our relationship. Generally, we will use your information for the provision of legal advice necessary for the performance of the contract between us. We may also use it for: Administering any accounts, processing your bank/credit card details in order to obtain payment, the prevention and detection of fraud, credit reference checks (where appropriate).
From time to time we may need to disclose information to third parties such as barristers, accountants and government agencies. It may also be necessary to permit third parties (such as auditors, our professional indemnity insurers and the Solicitors Regulation Authority) to have access to your information for administrative or regulatory purposes. On occasion, we may be obliged to transfer information to countries outside the European Economic Area which do not provide the same level of data protection as the UK.
If we decide to share your information with others, we will provide you with as much information about the intended recipients as we reasonably can be expected to, before it is shared. Under our Code of Conduct 2019 (Regulations that apply to law firms), there are very strict rules governing solicitors and who they can share your information with. This will normally be limited to other people who will assist with your matter. This may include: barristers and other solicitors, medical experts, healthcare professionals, social and welfare organisations the courts and tribunals, in the event that your matter becomes litigious (please note this is not an exhaustive list).
From time to time, we may use your personal information for marketing purposes. Under GDPR, we are obliged to ask if you object to us sharing your information for marketing purposes. If you do not want us to share your personal information for marketing purposes, you must let us know. You may receive an email asking you to provide us with consent. Our retainer letters (or client care) letters also provide an opportunity for you to provide us with consent, should you wish to ‘opt in’ for marketing purposes.
We may occasionally send you mailings which you have requested or we feel may interest you and/or are relevant to you (and your business). Such mailings may include details of our products and services; newsletters; briefing notes and legal updates; and invitations to our various training seminars and other social events.
We will use reasonable endeavours to keep any information provided to us, secure and to take appropriate technical and organisational measures against any unauthorised or unlawful processing/accidental loss/destruction/damage of any personal data within that information. It is impossible to guarantee that your information will be free from every possible security breach and you acknowledge and accept that risk when engaging with us. We may also disclose your information to your family, associates or representatives and we may also disclose your information to debt collection agencies.
We shall not disclose any of your personal information which we obtain as a result of a relationship with Child and Child, except: As is reasonable and necessary for the purpose of carrying out your instructions; As required by law including in response to any requests for information under freedom of information or environmental legislation; As required by any regulatory, governmental or other authority (including the SRA) to which we are subject too; As is required to enable us to enforce our rights under the client care letter (or retainer).
You can block cookies by activating the setting on your browser which allows you to refuse the setting of all or some cookies.
Our database of personal details, is used by us, and third parties acting on our behalf, for client administration and marketing related purposes.
How long will we keep your information for?
In relation to client matters, we will keep information throughout the period of time that we are retained and afterwards for a minimum of six years, as we are required to do so by law. We will ensure any softcopy sensitive personal information is saved safely on our systems and hard copy files are stored in a secure facility.
Any other information will be kept for as long as is necessary for us to fulfil the purpose of any relationship you have with us.
Where we store your data
All soft copy information you provide to us is stored on our highly secure servers. All hard copy documentation is secured in our offsite specialist storage facility.
Contacting us about your information
You have a number of new rights under GDPR in relation to your personal information. You can make a number of choices about how we collect and use it. For example, you can decide not to receive marketing material from us, tell us you want to receive marketing communications, and object to the way(s) in which we use your personal information. Note that some of these changes, may impact our ability to conduct the purpose of our relationship.
If you would like to see the information we hold about you (requesting a subject access request, a SAR), or would like to be removed from our database and/or any mailing lists, please contact our Data Protection Officer, Ceri Hughes at CeriHughes@childandchild.co.uk. Please note that upon receipt of a SAR, we will ensure any information you are entitled to, will be forwarded to you within 30 calendar days.
It is important that the personal information we hold about you is accurate and current. If you are aware that any information we hold about you is inaccurate, please contact our DPO to update any personal information we hold about you at CeriHughes@childandchild.co.uk
If you would like personal data that we are holding about you deleted (where there is no valid reason for holding onto it), you must contact our DPO at CeriHughes@childandchild.co.uk
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our DPO at CeriHughes@childandchild.co.uk
Who can you complain to if you are unhappy about the information we hold on you?
If you are unhappy about how we are using your information then initially you should contact our Data Protection Officer (DPO) at CeriHughes@childandchild.co.uk. If your complaint remains unresolved, then you can contact the Information Commissioner’s Office, details available at www.ico.org.uk
You have the right to be forgotten (Erasure). Data Subjects have the right to request that all their data be erased (this is not an absolute right and we may continue to process your data if it remains necessary for the purpose it was originally collected). If you do not wish to receive information from us and our services, or wish to receive only certain kinds of information, or wish to receive information only by a particular method please notify our DPO whose details are set out above.
Updated April 2020