Riley Langdon Solicitors treats the privacy of its clients, customers and website users judiciously and we take appropriate security measures to safeguard your privacy. This Privacy Notice explains how we protect and manage Personal Data you share with us and that we hold about you, including how we collect, process, protect and share that data.
Personal Data means any information that may be used to identify an individual, including but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
Riley Langdon Solicitors (“we”). We are authorised and regulated by the Solicitors Regulation Authority (No: 69394)
We provide legal services to UK financial institutions, UK based entities and individuals. As part of conducting these services you, or the UK financial institutions and entities that we act on behalf of, provide us with information about you to enable us to conduct legal services on yours or their behalf.
In instances where you are not our client, for example where we are instructed by a UK financial institution or entity, they will be the ‘Controller’ of this information and Riley Langdon Solicitors is a ‘Processor’. In such cases this Privacy Notice is therefore supplemental to the Privacy Notice provided by the UK financial institution or entity.
We will be the ‘Controller’ of the personal data in instances where you are our client. You may be deemed to be our client where you instruct is in respect of the following legal services, or similar:
Information provided by you
When a Controller decides to use our services, they provide us with your Personal Data which is necessary to provide you with the services they are providing or offering you.
You may also provide us with Personal Data directly, via transaction questionnaires or our online portals, over the telephone, texts, emails or similar mediums. This Personal Data includes name, address, date of birth, email address and bank account details. We use this information in order to fulfil the agreed legal services on our client’s behalf.
We may also keep information contained in any correspondence you may have with us by post or by email and we may also record telephone conversations.
In certain circumstances, we may obtain sensitive medical information directly from you in line with our regulatory obligations and client requirements to identify and appropriately assist vulnerable customers.
We may also require children’s data depending on the form of legal services being provided or offered to you. If, as part of the transaction or legal service, you provide us with such data, this information will be treated in accordance with this policy.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR), such as credit bureaus, fraud prevention agencies, government bodies. You will already have submitted your Personal Data to the companies and agencies specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.
We use your Personal Data to fulfil the agreed legal services you or our client has instructed us to carry out. We endeavour, at all times to protect your Personal Data, including health and financial details, in a manner which is consistent with our duties of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable physical and information security measures to protect your Personal Data in storage.
Any information that you choose to give us for the provision of legal services will be used by us for that purpose only or to comply with associated legitimate interests and will not be used for marketing purposes by us or third parties.
If you use our website (“Site”) we may use this information to conduct marketing activities, pre-instruction information for example through our conveyancing portal and online conveyancing calculator subject to obtaining specific opt-in consent.
That the data on our computer systems is protected through the use of updated anti-virus software (ESET Endpoint Antivirus). Our data is also backed up for added security with our IT provider.
The main legal basis for processing your information will be to perform the contract for legal services as agreed between us and our client, where the client is the Controller, or between you and us where you are our client.
Where we require special categories of data such as health information to assist with our vulnerable customer duties, the provision of this information and legal basis for processing this information is express consent. If we do not obtain consent from you, then we may be unable to monitor or proceed with your transaction in accordance with our vulnerability policy.
In certain circumstances, we may be required to share your Personal Data with third parties such as, Solicitors Regulation Authority, the Legal Ombudsman or auditors for the purpose of quality and compliance audits. In these instances the legal basis for processing your information will be legitimate interest.
Additionally, we may be required to obtain Personal Data from you in order to comply with our regulatory and legal obligations, for example to comply with anti-money laundering legislation, court orders or conduct fraud prevention. In these instances, our legal basis for processing information will be to fulfil a legal obligation.
We will keep information about you confidential and we may share your Personal Data with third parties such as, Solicitors Regulation Authority, the Legal Ombudsman, Alternative Dispute Resolution Professionals, barristers, barristers’ chambers or auditors for the purpose of quality and compliance audits.
In order to fulfil the performance of the contract or to satisfy a legal obligation we may be required to disclose your information to third parties in the following sectors government: legal and compliance, law enforcement or similar. Examples of the types of third parties used include:
In sharing your information with a third party, in doing so, we will ensure that the third parties are GDPR compliant.
In the event that Riley Langdon Solicitors is sold or integrated with another business, your anonymised details may be disclosed to our advisers and any prospective purchasers’ advisers and your personal details will be passed on to the new owners of the business.
We do not currently transfer your Personal Data outside the EEA. If in the future we transfer your Personal Data outside the EEA, in accordance with the terms of this Policy, we will make sure that the receiver agrees to provide the same or similar protection as we do and they only use your Personal Data in accordance with our instructions and update this privacy notice and circulate accordingly.
If you are our client and we are a Controller of your Personal Data we will hold your Personal Data in line with our retention policy; retaining data for 6 years from the closure of your matter. If you are not our client and we are the Processor of your Personal Data our retention period is in line with the length of time we need to keep your Personal Data in order to fulfil the agreed legal services on our client’s behalf. In both cases our retention periods are suitable in order to fulfil the agreed legal services and handle any insurance claims, they also take into account our need to meet any legal, statutory and regulatory obligations. In all cases our need to use your Personal Data will be reassessed on a regular basis and information which is no longer required will be disposed of.
If you do not wish us to process your personal data in order to use our Site or service, please use the contact details on the Site homepage. However, in most circumstances we may be under a legal obligation or have a legitimate interest to process your personal data e.g. to perform your remortgage contract or recover a debt in which case we may have to continue to process your personal data. If you do not wish for us to process your personal data in such circumstances, we will have to terminate our instructions.
We may sometimes anonymise your personal information and use it for data analytical purposes.
If you use our Site, we may also use aggregate information and statistics for the purposes of monitoring website usage and to help us develop our Site and services, and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
We may use sign up form data to assist with providing downloads, newsletters and enrolling on events. Such use does not result in any personally identifiable data, other than contact details, being collected, stored or transferred to such agencies. We, or our agents and sub-contractors, may contact you by post, e-mail or telephone to ask you for your feedback and comments on our services.
Right to be informed
You, the Data Subject, shall have the right to be informed of how your Personal Data is used. This Privacy Notice provides you with this explanation in relation to the information processed by us when providing Legal Services to you.
The General Data Protection Regulation (GDPR) grants you (the Data Subject) the right to access particular Personal Data that we hold about you. This is referred to as a Subject Access Request. We shall respond promptly and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the Personal Data we hold about you.
You may also request the following:
You, the Data Subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate Personal Data we hold concerning you. Taking into account the purposes of the processing, you, the Data Subject, shall have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
You, the Data Subject, shall have the right to obtain from us the erasure of Personal Data concerning you without undue delay.
This right does not apply if processing is necessary:
You, the Data Subject, shall have the right to obtain from us a restriction of processing where one of the following applies:
The right will not apply where the processing is necessary for:
Notification obligation regarding rectification or erasure of Personal Data or restriction of processing
We shall communicate any rectification or erasure of Personal Data or restriction of processing as described above to each recipient to whom the Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
You, the data subject, shall have the right to receive your Personal Data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
We do not carry out any automated processing, which may lead to an automated decision based on your Personal Data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please submit a written request to Data Protection Officer, GDPR Department, Riley Langdon Solicitors, Suite 4 City West Business Park, St John’s Road, Meadowfield, Durham, DH7 8ER or by email to firstname.lastname@example.org.
In order to provide the highest level of customer service possible, we need to keep accurate Personal Data about you. We take reasonable steps to ensure the accuracy of any Personal Data or sensitive information we obtain. We ensure that the source of any Personal Data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
If you have any questions or queries which are not answered by this Privacy Notice, or have any potential concerns about how we may use the Personal Data we hold, please write to GDPR Department, Riley Langdon Solicitors, Suite 4 City West Business Park, St John’s Road, Meadowfield , Durham, DH7 8ER or email email@example.com.
Riley Langdon Solicitors’ Data Protection Officer is Marie Riley and can be contacted at firstname.lastname@example.org
If you have a complaint regarding the use of your Personal Data or sensitive information then please contact us by writing to the GDPR Department: GDPR Department, Riley Langdon Solicitors, Suite 4 City West Business Park, St John’s Road, Meadowfield , Durham, DH7 8ER and we will do our best to help you.
You can also make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your Personal Data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.
In running and maintaining our website we may collect and process the following data about you:
i. Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
ii. Information provided voluntarily by you. For example, when you register for information or make a purchase.
iii. Information that you provide when you communicate with us by any means.
We use the information that we collect from you to provide our services to you. In addition to this we may use the information for one or more of the following purposes:
i. To provide information to you that you request from us relating to our products or services.
ii. To provide information to you relating to other products that may be of interest to you. Such additional information will only be provided where you have consented to receive such information.
iii. To inform you of any changes to our website, services or goods and products.
If you have previously purchased goods or services from us we may provide to you details of similar goods or services, or other goods and services, that you may be interested in. Where your consent has been provided in advance we may allow selected third parties to use your data to enable them to provide you with information regarding unrelated goods and services which we believe may interest you. Where such consent has been provided it can be withdrawn by you at any time.
In operating our website it may become necessary to transfer data that we collect from you to locations outside of the European Union for processing and storing. By providing your personal data to us, you agree to this transfer, storing or processing. We do our upmost to ensure that all reasonable steps are taken to make sure that your data is treated stored securely.
Unfortunately the sending of information via the internet is not totally secure and on occasion such information can be intercepted. We cannot guarantee the security of data that you choose to send us electronically, Sending such information is entirely at your own risk.
i. In the event that we sell any or all of our business to the buyer.
ii. Where we are legally required by law to disclose your personal information.
iii. To further fraud protection and reduce the risk of fraud.
In accordance with the Data Protection Act 1998 you have the right to access any information that we hold relating to you. Please note that we reserve the right to charge a fee of £10 to cover costs incurred by us in providing you with the information.
Riley Langdon Solicitors is authorised and regulated by the Solicitors Regulation Authority (No: 69394)
4 City West Business Park
St John’s Road
Durham DH7 8ER
Riley Langdon Solicitors is authorised and regulated by the Solicitors Regulation Authority (No: 69394)