Privacy and Cookies Policy
This Privacy Notice contains important information about the way in which we use, share and store your personal information. Please take some time to read it carefully.
This Notice is relevant to you because you are either a client of Harrison Drury & Co Limited, or; you have made an enquiry about our services through our website or otherwise; you have provided your contact details to us; receive updates, newsletters and information from us or are interested in our networking and marketing events and initiatives.
About us
Harrison Drury & Co Limited (“the Company”) provides legal services to our clients in accordance with their instructions.
In addition, we carry out business development, deliver training and raise awareness of current legal issues relevant to our clients, referrers and the wider community. We are also involved in pro bono work and support for our community.
The Company is the Data Controller for the purpose of the General Data Protection Regulation (“GDPR”) in respect of personal data supplied to us to enable us to provide those legal services to you, or to carry out the other functions referred to.
We are registered with the Information Commissioners Office, registration number Z2502402.
Our aim
We aim to comply with data protection law. This means that the personal information that we hold about you must be:-
- used lawfully, fairly and in a transparent manner;
- collected only for valid purposes that we have clearly explained to you, and not used in any way that is not compatible with those purposes;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about;
- kept securely
We already work to high standards of data protection and client confidentiality and will take every precaution to keep your data secure.
Contact us
You may have questions about this notice or your personal data generally. If so, please address them to our Risk and Compliance Manager, who is our nominated data protection representative.
Our Address:
Harrison Drury & Co Limited, 1a Chapel Street, Winckley Square, Preston, PR1 8BU
Email: enquiries@harrison-drury.com
What personal information do we hold and use?
To enable us to provide you with the legal services that we have been contracted to provide, respond to your enquiries about our services and to carry out the other functions referred to above, we may need to hold and use the following types of data:-
Personal
- Your name (and/or business name where relevant);
- Your contact details e.g. address, email address, home/office/mobile telephone numbers;
- Your date of birth.
Financial
- Bank or building society account details;
- National Insurance number;
- Other relevant financial details personal to you e.g. HMRC records.
Identification
- Electronic ID;
- Passport;
- Driving Licence;
- Proof of address e.g. latest utility bill.
Case or matter details and documents
Including:-
- Personal information about you or others involved in the case or matter;
- Due diligence in corporate transactions involving documents that contain personal information.
Legal documents
For example:-
- Wills, Property title documents, Marriage certificates, Court orders.
Special category data
This is data that is more sensitive and therefore requires additional protection. We may need to hold special category data for you where it is necessary for the legal services we are providing for you, or enquires that you are making.
We can assure you that we do not use this information for marketing purposes.
Examples include:- data revealing your race, ethnic origin, religious, political or other beliefs, disability, associations, sexual orientation, details of your sex life, social care history, health, genetics, biometric data and details of any relevant criminal convictions.
Most of the personal information that we hold will come from you.
How we use your personal information and for what purpose
For us to hold your personal data, we must have a lawful basis for doing so.
Where you are a client
We rely on one or more of the following lawful bases to hold and process your standard data.
Where we are holding and processing special category data, we rely on two or more of them as follows:-
- The lawful basis of performing our contract with you to provide legal services;
- The processing being necessary for the purposes of the legitimate interests of both you and/or our business, for example;
- in developing our business;
- you having access to information and events relevant to you and/or your business interests;
- in meeting our compliance requirements which includes keeping anti-money laundering records;
- achieving and maintaining professional accreditations;
- in order to protect us and our third parties against security breaches and fraud;
- in the defence of any complaints, claims or fees recovery and other disputes.
- The processing being necessary for us to comply with our legal obligations, for example;
- complying with directions from a Court, Tribunal or other Judicial or quasi-Judicial authority, such as an Arbitrator;
- complying with investigations by the SRA, Legal Services Ombudsman, Information Commissioners Office, or any other statutory regulator.
Where you are not a client
We may also hold and process your personal data where you are any of the following:-
- A prospective client that has made an enquiry about our services through our website or otherwise;
- a party to any matter involving any of our clients, where it is necessary to hold and process your personal data;
- A professional referrer;
- An individual or company that has provided your contact details to us in order receive updates, newsletters and information, or have attended or are interested in our networking and marketing events and initiatives;
- A provider of services to us;
- A community body or individual whose personal data we hold in connection with our Corporate Social Responsibility (CSR) activity. A copy of our CSR policy is readily available on request.
We will hold and process your personal data for the purposes you would reasonably expect and we rely on one or more of the following lawful bases to do so:-
- The processing being necessary for the purposes of the legitimate interests of both you and/or our business, for example;
- in receiving your instructions to act for you on a legal matter;
- developing our business;
- you having access to information and events relevant to you and/or your business interests;
- meeting our compliance requirements which includes keeping anti-money laundering records;
- achieving and maintaining professional accreditations;
- in order to protect us and our third parties against security breaches and fraud;
- in the pursuit or defence of any complaints, claims or fees recovery and other disputes.
- The processing being necessary for us to comply with our legal obligations, for example;
- complying with directions from a Court, Tribunal or other Judicial or quasi-Judicial authority, such as an Arbitrator;
- complying with investigations by the SRA, Legal Services Ombudsman, Information Commissioners Office, or any other statutory regulator.
Where we are holding and processing any special case data for you, we rely on both of the above lawful bases.
Whatever your reason for giving us your data, when we process your data for our legitimate interests, we will consider and balance any potential impact on you of our doing so and will comply with all relevant data protection laws.
We will only store your data in those circumstances for as long as it is necessary to do so.
Third parties
Client data will also be available to, but not routinely shared with, some third party contractors. Where there is a business relationship between the Company (the Data Controller) and the third party (the Data Processor), this will be subject to a ‘minimum terms’ contract between both parties detailing the circumstances in which the data can be processed.
Examples of such companies include:
- Telephony companies (out of hours call handling, telephone call recording);
- IT systems (case management systems, compliance monitoring systems, financial management systems, company website);
- IT management companies (systems maintenance, upgrade and repair);
- Data management companies (storage of historic files);
- These companies will not have routine access to your data but may be required to access it for system maintenance purposes.
We may share your personal data with selected third parties for marketing purposes and to advise you of other services that we think maybe of interest to you.
We may also share your personal data with third parties where we are working in conjunction with them in order to deliver a service relevant to or under instruction from you, for example barristers, experts, accountants, public authorities, etc.
We may occasionally contact you to seek your views on our services by way of online surveys or questionnaires.
The Company is periodically subject to scrutiny by external auditors such as ‘Lexcel’ and ‘Legal Eye’ in order to achieve and maintain certain quality frameworks and accreditations. As part of these processes, assessors are required to access client files to ensure that appropriate standards are applied.
The Company believes that this is in the legitimate interests of both the Company and the clients in order to ensure the continued provision of a high standard of service and to ensure compliance with our regulatory obligations.
Transfer of your data outside the European Economic Area (EEA)
We may share some of your personal information with bodies outside of the EEA. Where the countries to which your personal information is transferred do not offer an equivalent level of protection for personal information to the laws of the UK, we will make best endeavours to ensure that appropriate safeguards are put in place.
How we store your personal information and for how long
Your files and data will be held securely in accordance with the Company’s file retention policy, which is readily available on request. Dependent on the nature of your instruction, this could be a period of 7 years (for example, in residential conveyancing matters) or up to 99 years for private client matters.
These time limits reflect the periods in which action can be brought under the Limitations Act 1980 or to reflect legal obligations.
Upon completion of the matter, all files are marked with the relevant timescale for deletion. The timescale will be communicated to you when the matter is closed. Whilst the Company endeavours to maintain as much information as possible electronically, certain documents are required by law to be kept in hard copy.
Any such document that cannot be returned to you will be archived securely on office premises or off site in secure storage. If you require further information, you should speak to the fee earner for your matter who will advise you accordingly.
Your rights
In addition to your right to be informed of the grounds for the Company’s processing of your data, you are also advised of the following rights relating to the processing of your personal data:
Right of access
You have the right to access your data and to ensure that our grounds for processing your data are legitimate.
Any information requested will be provided free of charge unless the Company believes any data access request to be unfounded, excessive or repetitive in nature. In these circumstances, the Company can charge a fee that it believes to be reasonable based on the nature of the request.
Any subject access request will be responded to within one calendar month unless it is particularly complex or numerous requests are made. In these circumstances, the Company has up to two months to respond to you.
Right to rectification
If you become aware that any of your personal data that we hold is in any way inaccurate or incomplete, you have the right to have this data rectified.
If the data has been disclosed to any third party, we will inform them of the rectification and advise you of which third parties have received your data.
This will be addressed within one calendar month unless the request is complex in which case the period will be two months.
Right to erasure
In certain circumstances, you have the right to have any personal data we hold for you to be erased.
This would normally apply where we no longer have a lawful basis for processing your personal data or where you have initially given consent to the processing of your personal data and subsequently withdraw that consent.
However, the Company has a file retention policy where certain matters are kept on file for a specific period of time.
The Company may also retain certain documents until they can be released to you or, in the case of certain private client matters, indefinitely. This is in order to comply with legal and regulatory obligations and for insurance purposes in both your and the Company’s interests.
In these circumstances, your data will be held securely and, where practicable, we will anonymise your data. Once this time limit elapses your files (whether held electronically or in hard copy) will be securely deleted or destroyed.
Should you wish to be advised of this we will send you confirmation that your file has been deleted or destroyed.
Right to object
You have the right to object to the processing of your personal data where we have a legitimate interest for processing that data.
Any objection must be based on grounds relating to your particular situation and we may continue to process your personal data if we identify legitimate grounds for continuing to do so and which override your personal interests and also for the establishment, exercise or defence of legal claims.
It is your absolute right to object to the processing of your personal data in relation to direct marketing at any time.
Right to restrict processing
The Company will cease processing your data but may continue to retain it if you:
- Contest the accuracy of the data we hold for you until it is verified;
- Object to the processing of the data in certain circumstances;
- Require the data to be held for the purpose of establishing, exercising or defending a legal claim even where we are no longer required to retain that data.
If your data have been shared with a third party we will notify them of the restriction of the processing of your data.
For further information about your rights please visit the Information Commissioner’s Office website at: www.ico.org.uk
Where to make a complaint about data protection
We hope that we can resolve any query or concern you raise about our use of your personal data, however, in the event you wish to make a complaint on any issue regarding your personal data or this Notice please write to our Risk and Compliance Manager at:
Our Address:
Harrison Drury & Co Limited, 1a Chapel Street, Winckley Square, Preston, PR1 8BU
Email: enquiries@harrison-drury.com
In the event you are not satisfied with the outcome of your complaint, you may write to the Information Commissioner’s Office at:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
You can also contact the Information Commissioner’s Office using their online form by visiting: www.ico.org.uk
Changes to this Privacy Notice
We want you to feel reassured as to how we handle your personal data and aim to meet high standards and so our policies and processes are subject to review.
We reserve the right to change this Notice as and when required and if we do we will inform you usually by email and/or by publishing the updated content on our website: www.harrison-drury.com
Do you need extra help?
Please contact us if you would like to receive this Notice in another format.
We thank you for taking the time to read this Privacy Notice.
What are cookies?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Our use of Cookies
This website only uses third party cookies as outlined below.
Third Party Cookies
Some of the cookies stored on your computer when using our website are not directly related to us.
Google Analytics – This tool is used by nearly every website in the world and helps us view and analyse visitor information; such as browser versions, visitor numbers, and response to marketing activity. This information enables us to improve the website and your visiting experience.
The information stored by these cookies is secure, never contains any confidential information and can only be seen by us and Google. For more information, follow the link below for Google’s Privacy Policy
http://www.google.co.uk/intl/en/analytics/privacyoverview.html
Managing Cookies
The majority of web browsers have cookies enabled by default. You can configure your web browser to refuse cookies, or to be informed if a cookie is set. Each web browser has different ways of doing this, so please look at the ‘Help’ menu of your browser to learn how to change your cookie preferences.
To find out more about cookies visit www.allaboutcookies.org