General Data Protection Regulation (GDPR)
ELDRIDGES SOLICITORS PRIVACY NOTICE
Eldridges Solicitors is a Data Controller in respect of information it processes for its clients (past, current and prospective), employees, individual and business contacts, referrers, opposing parties and their advisers, suppliers and third party experts and consultants. This Notice explains how Eldridges collects, stores and uses your data. Please read it to ensure that you are aware of how and why we using your information. This Notice is available on our website at eldridges.co.uk and may be updated from time to time so please check occasionally to ensure that you are up to date.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes either during the course of our engagement, or after, if you think it will be relevant.
We process personal information to enable us to provide legal services including advising and acting on behalf of our clients. We also process personal information in order to maintain our own accounts and records, promote our services and to support and manage our employees. We will use your information in a lawful, fair and transparent way in accordance with the GDPR. The Regulation sets out the lawful bases for processing information in certain circumstances. We will use your information:
If we need to use your information for any purpose other than that for which we collected it we will notify you and explain why.
We process information about:
Advisers, consultants and professional experts
TYPE OF INFORMATION
We process information relevant to the above reasons/purposes. This information may include:
Business of the person whose personal
information we are processing Education
We may also process sensitive classes of information that may include:
Trade union membership
Offences and alleged offences Criminal
We sometimes need to share the personal information we process with others. Where this is necessary we are required to comply with all aspects of Data Protection law. What follows is a description of the types of organisations we may need to share some of the personal information
we process with for one or more reasons. with:
Third parties who provide services to us such as:
o Providers of I T support and maintenance services
o Auditors and accountants
o Professional Indemnity and other
insurers and brokers
o Confidential waste disposal o Website hosting
Where necessary or required we share information
HMRC and other Government bodies Courts and Tribunals
Credit reference agencies
Debt collection and tracing agencies Financial organisations
Healthcare professionals, social and
Educators and examining bodies
Current, past or prospective employers Employment or recruitment agencies
Family, associates or representatives of
the person whose data we are processing Complainants/enquirers
TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
All of the information we hold is stored on a server hosted by one of our IT services providers at a Data Centre facility in England. Our IT service provider is a data processor and relevant staff are trained in the requirements of Data Protection and confidentiality as well as appropriate procedures,andtheyalsosignaconfidentialityagreement. TheDataCentrefacilityisprotectedby 24×7 security guard patrols and CCTV Monitoring. Access control requires an access card, PIN and biometric identity check, with only zoned access granted. There is a fully controlled goods-in and out procedure.
Depending upon the software services contracted they may use sub-contractors to enable the delivery of certain functionality . All sub -contractors sign a non -disclosure agreement and/or suppliercontractwithincludesrequirementspertinenttodataprotectionrequirements. Theirstaff undergo full background checks. It may sometimes be necessary to transfer information overseas to a country outside the European Economic Area (EEA) in order to deal with support calls. This will be a sister company to our IT service provider and may involve controlled remote access to customer data which will be stored in the UK. The sub-contractor has signed a contract incorporating standard contractual clauses issued by the ICO (Information Commissioner’s Office) and also data protection clauses compliant with GDPR requirements. Access to the data is controlled by UK resources who only grant access to overseas resources on a role basis using individual login details and is terminated as soon as the support call is formally accepted as “closed” by ourselves. Any copies of data transferred for use by the sub-contractor will be deleted at the same time.
If you are based outside the EEA by instructing us you acknowledge and agree that transfers of information are necessary for us to provide services to you.
HOW LONG DO WE KEEP INFORMATION?
We will store information for as long as it is required to enable us to fulfil the purpose for which we collected it and/or in order to comply with our legal and regulatory obligations:
o that we correct the information that we are holding. If you are aware that the information we are holding has changed please let us know and we shall amend it within a reasonable time.
o that we erase your information so that it is removed from our records (there may be circumstances that mean we should keep the information but we will let you know if this applies).
o that we restrict processing so that we still hold the information but do not do anything with it (this could be whilst we are dealing with correction of inaccuracies for example).
Please email us at email@example.com or write to us at: The Accounts Manager
36 St James’ Street
Isle of Wight PO30 1LF
We are registered with the Information Commissioner’s Office under registration number Z4982534.