This Notice tells you what to expect when we collect personal information. Rayden Solicitors will respect your privacy and look after your personal data.
This Notice contains information about:
- Who we are and Regulations we follow
- What is personal data and special category data?
- Why we collect your personal information?
- How is your data collected?
- How we use your data?
- How long we keep information?
- How we keep information secure?
- Your rights
- How we provide the information?
- Can you see all the information we hold about you?
- Information sharing and third parties
- Information collected from third parties
1. Who we are and Regulations we follow?
Raydens Limited (trading as Rayden Solicitors) is the “data controller” of the personal information we hold for the purposes of the UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act 2018 (the Data Protection Act) which supplements UK GDPR and extends its application in the UK.
The Brexit transition period ended on 31 December 2020. Data we collected before the end of 2020 about people who were located outside the UK (EU/EEA) at the end of 2020 will be subject to the EU GDPR as it stood on 31 December 2020 (known as the ‘frozen GDPR’). As part of the new trade deal, the EU has on 28th June 2021 agreed an adequacy decision for the UK. The granting of an adequacy decision means that the personal data of EU/EEA data subjects can now be transferred from the EU/EEA to the UK without any further procedures in place such as Standard Contract Clauses (SCCs) or Binding Corporate Rules (BCRs). The EU Commission will further review this adequacy decision in 4 years.
What countries or territories are covered by adequacy regulations?
The UK has “adequacy regulations” in relation to the following countries and territories, which means it can transfer personal data between the UK and the following countries and territories, without any further procedures:
- The European Economic Area (EEA) countries.
- These are the EU member states and the EFTA States.
- The EU member states are Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
- The EFTA states are Iceland, Norway and Liechtenstein.
- EU or EEA institutions, bodies, offices or agencies.
- Countries, territories and sectors covered by the European Commission’s adequacy decisions (in force at 31 December 2020)
These include a full finding of adequacy about the following countries and territories:
Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay.
In addition, the partial findings of adequacy about:
Japan – only covers private sector organisations.
Canada – only covers data that is subject to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
If, during the course of our retainer with you and/or us processing personal data for and on your behalf, you travel outside the UK and to any of the above listed countries, then the onus is on you to let the firm know specifically which country, as we may have to implement additional safeguards, such as encryption of data/transfer restrictions for the transfer of any personal data from us to you in such countries that may not be covered by the UK adequacy decisions that are in place.
2. What is personal data and special category data?
Personal data is defined in the UK GDPR as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
3. Why we collect your personal information?
This policy applies to information we collect about:
- visitors to our website
- service providers
- applicants to work at Rayden Solicitors
- people who make enquiries
- others connected to our work
What type of information we may collect:
- Normal personal data including your name, address, telephone number, date of birth, email address, geographical/location details, bank account details, employment details, National Insurance number, educational qualifications;
- Personal financial data;
- Personal identity – we retain copies of passports or identity documents to verify your identity;
- Special categories of personal data – for example we may process data concerning your health if you give this to us;
- CCTV images or photos when attending our meetings or events;
- Call recordings.
As a legal services firm, most of the personal data we process is data relating to our contractual functions, powers and duties.
Data may also be processed because it is necessary for the pursuit of our legitimate interests and/or the legitimate interests of others.
There may be occasions where we process data to comply with legal obligations, particularly in the context of legal proceedings and/or compliance with requests by law enforcement agencies, for example; although, even in these cases, our regulatory functions will also generally be engaged.
We will not generally rely on consent as a basis for processing personal data. In the limited circumstances where we may rely upon consent, we will specifically obtain this in the course of collecting the data.
We may also use data to improve our level of service. Where we do this, we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so. We may for instance, monitor and/or record calls for quality and accuracy purposes.
Covid 19 Contact Tracing (NHS Test and Trace Service in England)
As you will be aware, the Government’s advice is that participation in the Covid-19 contact tracing programme is an important part of its measures to curb the spread of Covid-19 in the UK.
A situation may arise in which, for the purpose of contact tracing, we may be asked to provide the NHS Test and Trace service with your name, telephone number(s), date of visit, arrival time and where possible departure time and details of any relevant contact between you and any member of our staff, or visitors to our premises. We will collect and process this data using legitimate interest as our lawful basis for processing the aforementioned data. In this case, the collection of customer data is for a contact tracing scheme (namely NHS Test and Trace in England). For the purposes of the NHS test and trace in England Scheme, we are required to hold the aforementioned personal data for 21 days. However, records which are made and kept also for other business purposes will not be disposed of after the 21 day period and will be kept in accordance with our Firm’s usual retention policies (see section 6 below).
Family Law Partners (UK) Limited/Family Law Lab-Engage Pilot
Family Law Lab is a software platform managed by Family Law Partners (UK) Limited which facilitates services for visitors from selected law firms and introduced by selected law firms. Rayden Solicitors are participating in the Engage Pilot running on the Family Law Lab platform.
Using the Family Law Lab Platform and the Engage Pilot, visitors would be requested to provide certain personal data in order to get legal advice and guidance. Examples of the personal data that may be requested are: General data that identifies individuals such as names, ages, addresses, children and financial details. Additionally, special category data which may include general health although your response is optional.
You would be asked to provide consent to Family Law Lab in order to share the personal data with us at Rayden Solicitors, for the purpose of obtaining legal guidance and advice. If the necessary consent is obtained by Family Law Lab, then we will process your personal data as follows:
For general data: using “Legitimate Interest” as the lawful basis for such processing.
For special category data: on the basis that the processing is necessary for the establishment, exercise or defence of legal claims or remedies on your behalf.
Legl – Our AML Partner for client identification and verification
We use the services of Legl, our AML Partner, to provide secure digital identity verification, online payments, and to share key documents as part of our client on-boarding process, in line with SRA regulations and our Anti Money Laundering professional obligations.
All information provided is securely processed by Legl using the highest security standards to encrypt your details and keep your personal data safe. You will receive a link to your email address to start your client on-boarding, and you will be redirected to Legl’s secure portal where the verification will take place.
The lawful basis that we will use for the processing of your personal data for this identification and verification purpose is to comply with “legal obligation”.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). If you choose not to give us your consent for our mailing list, there will be no effect on your legal contract with us.
4. How is your data collected?
We use different methods to collect data from and about you including through:
You may give us your identity and contact details by filling in forms or by corresponding with us by post, phone, and email or otherwise. This includes personal data you provide when you:
- Make an enquiry about our services or instruct us;
- Give us some feedback;
Automated technologies or interactions.
Third parties or publicly available sources.
We may receive personal data e.g. computer IP address, about you from various third parties and public sources as set out below:
- Technical data from the following parties: analytics providers such as Google based outside the EU;
- Contact, financial and transaction Data from providers of technical, payment and delivery services.
- Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
- Referrals and opponents.
- Enquiries made electronically or over the telephone
The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include experts including but not limited to barristers, pension advisors, mortgage brokers, private detectives, medical experts, counsellors, mediators and estate agents.
Some data is collected when people sign up to receive marketing or register with us for events.
5. How we use your data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To perform legal and other services;
- Where we need to perform the contract we are about to enter into or have entered into with you;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- Where we need to comply with a legal or regulatory obligation;
- To respond to enquiries/communication;
- Marketing purposes;
- To expand and maintain our list of contacts;
- For Rayden’s business purposes, including internal admin, data analysis, billing and responding to actual or potential fraud;
- To advertise, provide and assess the effectiveness of our events, promotional campaigns, publications and services, including participating in any legal, chambers or similar ranking or award submissions and/or application process.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or by post. You have the right to withdraw consent to marketing at any time by contacting us at firstname.lastname@example.org.
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you.
You will receive marketing communications from us if you have requested information from us or purchased services from us or if you provided us with your details when you entered a competition and, in each case, you have not opted out of receiving that marketing.
We will not sell your personal information. We also do not share personal information that reasonably identifies you with unaffiliated entities for their independent use except where it is shared with trusted organisations and/or bodies for the purposes of independent research into the world’s leading lawyers, law firms and professional advisers. Where such personal data is shared, it is done so confidentially for their internal interview and/or application, research, ranking and award purposes only. The lawful basis that we use to share such personal data is legitimate interest and you have the ability to exercise all of your rights as mentioned in section 8 below.
6. How long we keep the information for?
We will only keep your personal data for as long as we need it in order to complete the purpose for which we collected it in the first place. When a legal case is concluded, we retain your file of papers up to a period of 7 years from date of formal closure. Provided we have not identified any of your papers as being required for a longer term, we will aim to destroy all papers and data we hold about you upon the expiry of the 7 year period, unless we have a legal, regulatory or statutory obligation to dispose of/delete such papers/data prior to this period. Due to current case management system constraints, all digital information will be securely retained on our case management system and anonymised/redacted where possible.
When we receive job applications containing personal information we create or update the information we hold about that person on our systems and files. We use the personal information to process the application and to make a decision about the application itself. We will keep the information for a period of 1 year, after which it will be destroyed.
If you have opted-in to receive our marketing communications we will be asking for re-consent every 2 years from the date you originally consented. You can unsubscribe from our data at any time during this period.
7. How we keep information secure?
We are under a general duty to keep personal data and information confidential. Where we share information, we take all reasonable steps to keep it secure, use it fairly and ensure that data protection safeguards are in place. We use secure portals and encryption tools when necessary to ensure data in transit is protected.
Rayden Solicitors uses technology to collect information about the use of the website and to distinguish you from other users in order to improve your experience when you browse the Rayden Solicitors website.
These cookies are used throughout the www.raydensolicitors.co.uk website. These cookies are used for reporting purposes helping us to collect information about how many people use our site, what parts are accessed and where visitors come from.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/
You should note that by deleting or blocking cookies, the website may not function correctly and you may not be able to access certain areas.
8. Your rights
Depending on the information we hold about you, and the reason for us holding it, you have certain rights which are set out below. If you have any concerns of this nature, you can email our Data Protection Manager, Loschinee Reddy at email@example.com.
The right to rectification
You are entitled to have your records amended if the personal data we hold is inaccurate or incomplete.
The right to erasure
You have a right to request your data is deleted in certain circumstances, i.e. where it is no longer needed for the purposes it was collected; the (rare) occasions where consent is relied upon as the lawful basis for processing, it is withdrawn and there is no other lawful basis for our continuing to process it; you object to the processing (see below) and there are no overriding legitimate grounds to continue; where the data has been unlawfully processed; or where it has to be erased for compliance with a legal obligation.
The right of access
You have the right to obtain a copy of personal data we hold about you, including the reasons why we hold it, who the data will be shared with as well as details of the period for which the data will be retained.
In most instances, we will provide the information to which you are entitled within one month of receipt of a valid request. Requests which are complex or numerous may however take up to three months.
Requests which are considered manifestly unfounded or excessive will be refused.
The right to restrict processing
You have the right to limit the way we use your personal data if you are concerned about the accuracy of the data or how it is being used. You can also stop us deleting your data.
To exercise your right to restriction, you should make the request directly to our Data Protection Manager, Loschinee Reddy and say what data you want restricted and the reasons why.
The right to object to processing
You have the right to object to the processing of your personal data in certain circumstances. If the firm agrees to your objection, we must stop using your data for that purpose unless it can provide strong legitimate reasons to continue to use your data despite your objections.
You have an absolute right to object to the firm using your data for direct marketing and once you exercise this objection, the firm must stop using the data.
The right to data portability
You have the right to ask us to transfer the information you have given to us from one organisation to another or to give that information back to you.
This right will only be applicable if we are processing information based on your consent or under contract and the processing is automated.
The right not to be subject to decision making based on automated processing
You have the right not to be subject to a decision based solely on automated processing i.e. decisions made entirely by technological means, without human intervention.
This right includes profiling for example any form of automated processing for the purpose of evaluating you as an individual.
We confirm that we do not make decisions based on automated processing as all decisions are made by individual/individuals within the firm.
The right to lodge a complaint with a supervisory authority
The Supervisory authority is the Information Commissioner’s Office (ICO) whose contact details are as follows:
Information Commissioner’s Office
Helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. If you are calling from outside the UK, you may not be able to use the 03 number above, so please call +44 1625 545 700.
Fax: 01625 524 510
Opening Hours: their normal opening hours are Monday to Friday between 9am and 5pm UK time.
9. How we provide the information to you?
We usually send a hard copy by special delivery post to your residential address or by email. We can make other arrangements in some cases.
10. Can you see all the information we hold about you?
You may not be entitled to see all the information held about you if an exemption applies. Examples of exemptions include information that:
- is about another person
- is subject to legal privilege
If an exemption applies we will explain which exemption applies and tell you if we have removed any information from the copy we send you.
11. Information Sharing and third parties
We use cloud-based providers who operate within the EU with suitable data protection arrangements and security controls in place, in accordance with the requirements in UK GDPR.
We also store hard copy material with Oasis in the UK who provide archive services to Rayden Solicitors. We have a data processing agreement in place with Oasis to ensure Oasis’s security arrangements and the understanding as to the basis and requirements for processing is aligned with ours.
We also share data with organisations who perform audit and assurance roles for us and those who provide professional advisory services. This includes legal, medical and other professional advisers; again, with whom we have arrangements to ensure their compliance with our requirements.
12. Information collected from third parties
As explained more particularly below, we also obtain data from third parties. Generally, when we do this, it is in the exercise of our regulatory functions, powers and duties, including:
- Complainants, other regulatory bodies, law enforcement agencies and witnesses.
Changes to this notice
We keep this notice under regular review.
Last updated December 2021.