Riley Langdon Solicitors treats the privacy of its clients, customers and website users judiciously and we take appropriate security measures to safeguard your privacy. This Privacy Notice explains how we protect and manage Personal Data you share with us and that we hold about you, including how we collect, process, protect and share that data.
Personal Data means any information that may be used to identify an individual, including but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
Who we are
Riley Langdon Solicitors (“we”). We are authorised and regulated by the Solicitors Regulation Authority (No: 69394)
We provide legal services to UK financial institutions, UK based entities and individuals. As part of conducting these services you, or the UK financial institutions and entities that we act on behalf of, provide us with information about you to enable us to conduct legal services on yours or their behalf.
In instances where you are not our client, for example where we are instructed by a UK financial institution or entity, they will be the ‘Controller’ of this information and Riley Langdon Solicitors is a ‘Processor’. In such cases this Privacy Notice is therefore supplemental to the Privacy Notice provided by the UK financial institution or entity.
We will be the ‘Controller’ of the personal data in instances where you are our client. You may be deemed to be our client where you instruct is in respect of the following legal services, or similar:
- Assent of Property
- Family Matters
- Transfer of Equity
- Shared Ownership
- Wills and Probate
- Power of Attorney
- Deputyship and Court of Protection
- Claims relating to Land/ Property
- Deed of Postponement
- Commercial Transactions
- Commercial Property transactions
- Conveyancing transactions
- Litigation instructions
How we obtain your Personal Data
Information provided by you
When a Controller decides to use our services, they provide us with your Personal Data which is necessary to provide you with the services they are providing or offering you.
You may also provide us with Personal Data directly, via transaction questionnaires or our online portals, over the telephone, texts, emails or similar mediums. This Personal Data includes name, address, date of birth, email address and bank account details. We use this information in order to fulfil the agreed legal services on our client’s behalf.
We may also keep information contained in any correspondence you may have with us by post or by email and we may also record telephone conversations.
In certain circumstances, we may obtain sensitive medical information directly from you in line with our regulatory obligations and client requirements to identify and appropriately assist vulnerable customers.
We may also require children’s data depending on the form of legal services being provided or offered to you. If, as part of the transaction or legal service, you provide us with such data, this information will be treated in accordance with this policy.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR), such as credit bureaus, fraud prevention agencies, government bodies. You will already have submitted your Personal Data to the companies and agencies specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.
How we use your Personal Data
We use your Personal Data to fulfil the agreed legal services you or our client has instructed us to carry out. We endeavour, at all times to protect your Personal Data, including health and financial details, in a manner which is consistent with our duties of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable physical and information security measures to protect your Personal Data in storage.
Do we use your Personal Data for marketing purposes?
Any information that you choose to give us for the provision of legal services will be used by us for that purpose only or to comply with associated legitimate interests and will not be used for marketing purposes by us or third parties.
If you use our website (“Site”) we may use this information to conduct marketing activities, pre-instruction information for example through our conveyancing portal and online conveyancing calculator subject to obtaining specific opt-in consent.
That the data on our computer systems is protected through the use of updated anti-virus software (ESET Endpoint Antivirus). Our data is also backed up for added security with our IT provider.
What is our Legal Basis for processing your information?
The main legal basis for processing your information will be to perform the contract for legal services as agreed between us and our client, where the client is the Controller, or between you and us where you are our client.
Where we require special categories of data such as health information to assist with our vulnerable customer duties, the provision of this information and legal basis for processing this information is express consent. If we do not obtain consent from you, then we may be unable to monitor or proceed with your transaction in accordance with our vulnerability policy.
In certain circumstances, we may be required to share your Personal Data with third parties such as, Solicitors Regulation Authority, the Legal Ombudsman or auditors for the purpose of quality and compliance audits. In these instances the legal basis for processing your information will be legitimate interest.
Additionally, we may be required to obtain Personal Data from you in order to comply with our regulatory and legal obligations, for example to comply with anti-money laundering legislation, court orders or conduct fraud prevention. In these instances, our legal basis for processing information will be to fulfil a legal obligation.
We will keep information about you confidential and we may share your Personal Data with third parties such as, Solicitors Regulation Authority, the Legal Ombudsman, Alternative Dispute Resolution Professionals, barristers, barristers’ chambers or auditors for the purpose of quality and compliance audits.
In order to fulfil the performance of the contract or to satisfy a legal obligation we may be required to disclose your information to third parties in the following sectors government: legal and compliance, law enforcement or similar. Examples of the types of third parties used include:
- any third parties with a legitimate interest to the data in order to effect the performance of the contract, for example Her Majesty’s Land Registry, Companies House, Departments of Works and Pension, Local Authorities, HM Revenue and Customs, Financial Institutions;
- any contractors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential, for example tracing or collection agents, credit reference agencies, anti-money laundering due diligence services, expert witnesses, advocacy agents, professional advisors or representatives, IT providers, records management providers;
- anyone to whom we may transfer our rights and duties under any agreement we have with you;
- any legal or crime prevention agencies and/or to satisfy any regulatory request (including recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.
In sharing your information with a third party, in doing so, we will ensure that the third parties are GDPR compliant.
In the event that Riley Langdon Solicitors is sold or integrated with another business, your anonymised details may be disclosed to our advisers and any prospective purchasers’ advisers and your personal details will be passed on to the new owners of the business.
Transfer of your Personal Data outside of the European Economic Area (EEA)
We do not currently transfer your Personal Data outside the EEA. If in the future we transfer your Personal Data outside the EEA, in accordance with the terms of this Policy, we will make sure that the receiver agrees to provide the same or similar protection as we do and they only use your Personal Data in accordance with our instructions and update this privacy notice and circulate accordingly.
How long do we keep this information about you
If you are our client and we are a Controller of your Personal Data we will hold your Personal Data in line with our retention policy; retaining data for 6 years from the closure of your matter. If you are not our client and we are the Processor of your Personal Data our retention period is in line with the length of time we need to keep your Personal Data in order to fulfil the agreed legal services on our client’s behalf. In both cases our retention periods are suitable in order to fulfil the agreed legal services and handle any insurance claims, they also take into account our need to meet any legal, statutory and regulatory obligations. In all cases our need to use your Personal Data will be reassessed on a regular basis and information which is no longer required will be disposed of.
What if I choose not to give you my personal information?
If you do not wish us to process your personal data in order to use our Site or service, please use the contact details on the Site homepage. However, in most circumstances we may be under a legal obligation or have a legitimate interest to process your personal data e.g. to perform your remortgage contract or recover a debt in which case we may have to continue to process your personal data. If you do not wish for us to process your personal data in such circumstances, we will have to terminate our instructions.
Will you process my information for purposes I may not be aware of
We may sometimes anonymise your personal information and use it for data analytical purposes.
If you use our Site, we may also use aggregate information and statistics for the purposes of monitoring website usage and to help us develop our Site and services, and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
We may use sign up form data to assist with providing downloads, newsletters and enrolling on events. Such use does not result in any personally identifiable data, other than contact details, being collected, stored or transferred to such agencies. We, or our agents and sub-contractors, may contact you by post, e-mail or telephone to ask you for your feedback and comments on our services.
Data Subject Rights
Right to be informed
You, the Data Subject, shall have the right to be informed of how your Personal Data is used. This Privacy Notice provides you with this explanation in relation to the information processed by us when providing Legal Services to you.
Subject access requests
The General Data Protection Regulation (GDPR) grants you (the Data Subject) the right to access particular Personal Data that we hold about you. This is referred to as a Subject Access Request. We shall respond promptly and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the Personal Data we hold about you.
You may also request the following:
- sources from which we acquired the information;
- the purposes for processing the information; and
- persons or entities with whom we are sharing the information.
Right to rectification
You, the Data Subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data we hold concerning you. Taking into account the purposes of the processing, you, the Data Subject, shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
Right to erasure
You, the Data Subject, shall have the right to obtain from us the erasure of Personal Data concerning you without undue delay.
This right does not apply if processing is necessary:
- for the exercise of the right of freedom of expression and information;
- for compliance with a Union or Member State legal obligation;
- for compliance with legal obligations with SRA, auditing, HMRC;
- for performance of a public interest task or exercise of official authority;
- for public health reasons;
- for archival, research or statistical purposes (if any relevant conditions for this type of processing are met); or if required for the establishment, exercise or defence of legal claims.
Right to restriction of processing
You, the Data Subject, shall have the right to obtain from us a restriction of processing where one of the following applies:
- the accuracy of the Personal Data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
- the processing is unlawful and you, the data subject, oppose the erasure of the Personal Data and instead request the restriction in its use;
- we no longer need the Personal Data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims;
- you, the data subject, have objected to processing of your Personal Data pending the verification of whether there are legitimate grounds for us to override these objections, provided that we shall not be liable for request made after our file retention period.
The right will not apply where the processing is necessary for:
- the establishment of legal claims
- the protection of another; or
- reasons of important public interest
Notification obligation regarding rectification or erasure of Personal Data or restriction of processing
We shall communicate any rectification or erasure of Personal Data or restriction of processing as described above to each recipient to whom the Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Right to not be subject to decisions based solely on automated processing.
We do not carry out any automated processing, which may lead to an automated decision based on your Personal Data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please submit a written request to Data Protection Officer, GDPR Department, Riley Langdon Solicitors, Suite 4 City West Business Park, St John’s Road, Meadowfield, Durham, DH7 8ER or by email to email@example.com.
Accuracy of information
In order to provide the highest level of customer service possible, we need to keep accurate Personal Data about you. We take reasonable steps to ensure the accuracy of any Personal Data or sensitive information we obtain. We ensure that the source of any Personal Data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
If you have any questions or queries which are not answered by this Privacy Notice, or have any potential concerns about how we may use the Personal Data we hold, please write to GDPR Department, Riley Langdon Solicitors, Suite 4 City West Business Park, St John’s Road, Meadowfield , Durham, DH7 8ER or email firstname.lastname@example.org.
Data Protection Officer
Riley Langdon Solicitors’ Data Protection Officer is Marie Riley and can be contacted at email@example.com
If you have a complaint
If you have a complaint regarding the use of your Personal Data or sensitive information then please contact us by writing to the GDPR Department: GDPR Department, Riley Langdon Solicitors, Suite 4 City West Business Park, St John’s Road, Meadowfield , Durham, DH7 8ER and we will do our best to help you.
You can also make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your Personal Data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.
There you go! That wasn’t so bad!