Privacy notice
The General Data Protection Regulation (the “GDPR”) seeks to protect and enhance the rights of data subjects. The GPT Law Practice is committed to protecting and respecting your privacy. The GPT Law Practice recognises the importance of the correct and lawful treatment of personal information, and will only use personal information as set out in this Privacy Notice.
This Privacy Notice sets out how The GPT Law Practice collects and uses any information that you give us when you formally instruct us and use our website. The expressions “we”, “us” and “our” refer to The GPT Law Practice.
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal information, please contact the DPO at: kishan@gptlawpractice.com, or by post to: Mr Kishan Patel (Data Protection Officer) The GPT Law Practice, 799 Harrow Road, Sudbury Town, Wembley, Middlesex HA0 2LP.
It is important that you read this Privacy Notice, together with our client care letters, to understand the reasons for collecting or processing personal information about you, and to make you aware of how and why we are using such personal information.
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Who are we?
The GPT Law Practice (solicitors firm authorised by The Solicitors Regulation Authority SRA ID: 495561)
Address: 799 Harrow Road Sudbury Town Wembley Middlesex HA0 2LP
DX: 43253 Sudbury Hill
Tel: 00 44 (0) 20 8904 6495 / 00 44 (0) 20 8904 6598
Fax: 00 44 (0) 20 8904 5239
Website: www.gptlawpractice.com
In what capacity will The GPT Law Practice hold personal information about you?
During the course of acting on your behalf we will collect and use information about you to meet legal and contractual obligations.
We will act as both a Data Processor and as a Data Controller in respect of your personal information.
How is your personal information collected?
We will collect personal information from and about you, either
- directly from you by means of communications which may be in writing, by telephone, via the website and the internet or by any other means, or
- from third parties, if necessary, to meet legal and contractual obligations.
What personal information will The GPT Law Practice hold about you?
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal information about you, as follows:
- full name and title
- contact information including email addresses and postal addresses, telephone numbers and fax numbers
- qualifications and employment history
- details of any potential conflicts of interest
- adverse credit and negative media
- criminal convictions
- date of birth
- identification or supporting documents (such as passport, driving license, birth certificate, utility bill etc.)
- IP address
- gender
- bank details
- customer data (relevant to acting for you, for e.g. mortgage account information and any relevant data in respect of any other matter that you instruct us on)
How will The GPT Law Practice use personal information held about you?
We will only use your personal information when the law allows us to.
We will use your personal data where we need to: (a) in order to meet our contractual obligations under our agreement with you; (b) where it is necessary for our legitimate interests (or those of a third party and your interests and fundamental rights do not override those interests; or (c) where we need to comply with a legal or regulatory obligation.
Most commonly, we will use your personal information in the following circumstances and for the purposes of:
Purpose/Activity | Lawful basis for processing |
---|---|
Legal services | (a) Performance of a contract with you |
Internal record keeping | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (and to comply with the Solicitors Regulation Authority) |
Undertaking checks with third parties | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
Contacting any third parties mentioned by you to obtain further information, references or clarification on the data provided | (a) Performance of a contract with you |
Prevention and detection of crime (and the prosecution of criminal activities) | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (and to comply with the Solicitors Regulation Authority) |
Holding data to comply with applicable laws and regulations | (a) Necessary to comply with a legal obligation |
Processing payment for the purchase of products and/or services | (a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
Undertaking anti-money laundering, identity and credit checks | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation |
Monitoring negative media and business financial performance | (a) Performance of a contract with you (b) Necessary for our legitimate interests (running our business) |
Providing and sharing this information with our agents and case management providers so that they can assist us with providing services | (a) Necessary for our legitimate interests (for running our business, case management, provision of administration and IT services, network security, and to prevent fraud) (b) Necessary to comply with a legal obligation |
Storing data directly and indirectly up until the 7th anniversary after your matter has completed | (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (and to comply with the Solicitors Regulation Authority and commence or defend a prospective claim) |
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure of your personal information
Your personal information may also be disclosed to the following parties:
- providers of IT solutions;
- third party consultants, contractors or other service providers who may access the personal information when providing services (including but not limited to IT support services and case management providers);
- government bodies, law enforcement agencies, regulatory bodies, and in response to other legal or regulatory requests from similar third parties;
- legal advisers, accountants/auditors, contractors or other advisers auditing, assisting with or advising us on any aspect when we are acting for you or after we have ceased to act for you.
If you give us personal information regarding another person, you are confirming they have given you permission to provide their personal information to us to be able to process their personal information.
Will your personal information be transferred to other countries?
We may need to share personal information with third parties in both the UK and internationally for a variety of reasons. We require third parties to respect the security of your personal information and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
We may transfer the personal information we collect about you to countries outside the EU in order to process your personal information on one of the grounds listed above. It is possible that the European Commission will have deemed such countries adequate. This means we can transfer your personal information to those countries as they will provide an adequate level of protection for your personal information.
However, not all countries to which we may transfer your personal information will be deemed adequate by the European Commission. To ensure that your personal information does receive an adequate level of protection we will put in place standard contractual clauses approved by the European Commission with those third parties wherever necessary. This ensures that your personal information is treated in a way that is consistent with and which respects the applicable laws on data protection.
What happens if you choose not to provide us with personal information or are unable to provide us with personal information?
If you fail to provide certain personal information when requested, we may not be able to perform the agreement we have entered into with you, or we may be prevented from complying with our legal obligations.
What are your rights relating to the use of your personal information?
Under the GDPR, you have certain rights in respect of the processing of your personal information, which may vary dependent on the legal basis for collection of your personal information and the uses made of this personal information.
For all uses made of your personal information you have the right to be informed about how we use your personal information, and this notice discharges that obligation. However, further rights may apply in different circumstances, as set out below:
- Right of access – you have a right to access a copy of the personal information that is held about you (subject to Data Protection Laws)
- Right of access – you have a right to access a copy of the personal information that is held about you
- Right of rectification – you have a right to correct personal information that is held about you if it is inaccurate or incomplete
- Right to be forgotten – in certain circumstances you can ask for the personal information held about you to be erased (please note our retention period set out below)
- Right to object to and restrict processing- where certain conditions apply you have a right to restrict (please note this may impact our ability to provide our services to you)
- Right to port data – you can instruct us to transmit your personal data to another solicitor and the right only applies to processing by automated means on the basis of contract or consent
- Right to withdraw consent – in the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. In the event that consent has been given and to withdraw your consent, please contact the DPO at: kishan@gptlawpractice.com, or by post to: Mr Kishan Patel (Data Protection Officer) The GPT Law Practice, 799 Harrow Road, Sudbury Town, Wembley, Middlesex HA0 2LP.
In the event you wish to exercise any of these rights, please make your request in writing to The GPT Law Practice’s DPO.
How long will The GPT Law Practice retain your personal information for?
We will retain your personal information for a minimum period of 7 years after we have finished acting for you in order to satisfy our legal, accounting, or reporting requirements.
Security
We have put in place measures to protect the security of your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
The internet is not a secure medium but we are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect online. We will use our best efforts to ensure that no unauthorised parties have access to any of your personal information and we restrict access insofar as it is possible to irrelevant non-public information about you to those individuals and entities that need to know the personal information to be able to provide products and services to you.
How we use cookies
Cookies are used on our Website. A cookie is a small file that is stored on your computer when you visit a website. If you visit the Website again, it is recognised as a repeat visit by means of the cookie. The cookie cannot be used to identify you on websites of third parties. The cookie helps analyse web traffic or lets you know when you visit a particular site. We use traffic log cookies to identify which pages are being used, which helps us analyse data about web page traffic and improve the Website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Some personalised services on the Website may not be available if you choose to disable cookies.
Links to other websites
The Website may contain links to enable you to visit other websites of interest more easily. However, once you have used these links to leave our Website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and this Privacy Notice does not govern such sites.
Further information
In the event you have any questions about this Privacy Notice or wish to make a complaint about how your personal information is being processed by The GPT Law Practice you have the right to complain to the DPO, by e-mail to: kishan@gptlawpractice.com, or by post to: Mr Kishan Patel (DPO) The GPT Law Practice, 799 Harrow Road, Sudbury Town, Wembley, Middlesex HA0 2LP.
You have the right to make a complaint at any time to the relevant supervisory authority. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (ICO).
Legal statement about this Privacy Statement
This Privacy Notice forms part of our contract headed Client Care Letter (Terms and Conditions of Business). By signing our Form of Authority to Act you confirm your acceptance to be bound by the terms of this Privacy Notice. If you do not wish to be bound, regrettably we will be unable to act for you as we will not be in a position to comply with our obligations under the terms of the Contract and our legal and professional obligations.