The General Data Protection Regulation (GDPR) (EU) 2016/679 states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individual’s data is not processed without their knowledge and is only processed with their ‘explicit’ consent.
Aqua Law Limited is committed to protecting the rights and freedoms of individuals with respect to the processing of personal data. GDPR gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
In order to provide legal services to you and for related purposes (including, updating and enhancing client records; analysis to help us manage our practice; statutory returns; legal and regulatory compliance and crime prevention) we may obtain, process, use and disclose personal data about you.
Our use of that information is subject to your instructions, the GDPR and our duty of confidentiality. Please note that our work for you may require us to give information to third parties such as expert witnesses and other professional advisers. You have a right of access under data protection legislation to the personal data that we hold about you.
When processing personal data for accounting and auditing in accordance with Solicitors Regulatory Authority rules, taxation and related services, we act as the data controller. We will comply with the obligations GDPR places on us as a data controller. For services such as tax returns you are the data controller and we act as the data processor and we will comply with the obligations the GDPR places on us as a data processor.
If we appoint an expert witness to give evidence, the expert witness could be classed as a ‘data processor’ as they too may process your personal data. But they will not be in ‘control’, they will be acting under instruction from us. In this instance we will be the data controller. The expert witness will be the data processor.
We record clients’ names, addresses, telephone numbers, email addresses, dates of birth and National Insurance numbers, as applicable. Information is stored on our secure computers and locked filing system. In the course of acting for you, certain information may be sent to third parties via a secure electronic file transfer system.
At any point you can make a request relating to your data and we will provide a response within 14 days. We can refuse a request, i.e. if we have a lawful obligation to retain data but we will inform you of the reasons for the rejection.
You have the right to request the deletion of data where there is no legal reason for its continued use. If you request that your personal data is removed from our systems, where a case is linked to the contact record, the request cannot be fulfilled, because case files have to be kept for a specific length of time by law. You have the right to complain to the ICO if you are not happy with our decision.
You can object to your data being used for certain activities like marketing or research.
Access to all office computers is password protected and the passwords are changed every 90 days.
GDPR places a responsibility on us to process any personal data in accordance with eight principles. Detailed guidance on these principles can be found by following this link to the ICO’s website (www.ico.org.uk). We adhere to the eight principles.
By accepting these Terms you give positive consent for us to obtain, store and process information about you as described in the preceding paragraphs. You agree that where necessary you will have obtained any appropriate consents from individuals, in connection with the above-described categories of processing, before providing us with personal data.
It is also a term of the Engagement that any personal data supplied by us to you about employees or directors of Aqua Law Limited and/or any third parties may only be used for the express purposes for which that information is provided to you.
