This privacy notice sets out how The Community Law Partnership Limited uses personal information from clients.
Who We Are
Data is collected, processed and stored by The Community Law Partnership Limited and we are what is known as the “data controller” of the personal information you provide to us. The Community Law Partnership is a Limited Company, registered number 07956828, authorised and regulated by the Solicitors Regulation Authority under number 567240.
What We Need
We will only collect information from you that is relevant to the matter that we are dealing with. There are two types of personal data (personal information) that you may provide to us:-
• Personal data: is the general information that you supply about yourself – such as your name, address, gender, date of birth, contact details, financial information etc.
• Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, sexual orientation and physical and mental health details.
In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks. However, some of the work we do may require us to ask for more sensitive information.
Why We Need It
The primary reason for asking you to provide us with your personal data is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.
The following are some examples, although not exhaustive, of what we may use your information for:-
• Verifying your identity
• Verifying source of funds
• Communicating with you
• To establish funding of your matter or transaction
• Processing your legal transactions including: providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions.
• Keeping financial records of your transactions and the transactions we make on your behalf
• Seeking advice from third parties; such as legal and non-legal experts
• Responding to any complaint or allegation of negligence against us
Who Has Access To It
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within The Community Law Partnership. There are strict rules about who we can share your information with. However there may be circumstances, in carrying out your legal work, where we need to disclose some information to third parties; for example:-
• HM Courts and Tribunal Service (HMCTS)
• Asking an independent Barrister or Counsel for advice; or to represent you
• Solicitors acting on the other side
• Medical Experts
• Healthcare professionals, social and welfare organisations
• Translation Agencies
• Contracted Suppliers and other Experts required to provide reports in connection with
• your case, e.g. Environmental Health Officer
• External auditors or our Regulator e.g. The Legal Aid Agency (LAA), Lexcel, Solicitors
• Regulation Authority (SRA), The Law Society, Information Commissioner’s Office (ICO)
• The Benefits Agency and The Department for Work and Pensions (DWP)
• HM Land Registry
• HM Revenue and Customs (HMRC)
• The firm’s Professional Indemnity Insurance Company
• Any disclosure required by law or regulation; such as the prevention of financial crime
• and terrorism
• If there is an emergency and we think you or others are at risk
In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
How Do We Protect Your Personal Data
We will take all appropriate measures to secure your personal information from being used or accessed or accidentally lost or disclosed. Our offices are secure and alarmed and we enforce, where possible, physical access controls to our building and files to keep data safe.
We hold data electronically in our secure document management system and in our onsite file servers. Network infrastructure is protected using Firewalls and anti-malware software. We dispose of or delete your data securely where necessary.
We limit access to your personal information to those employees or third parties such as barristers or experts relevant to your matter who have a need to know.
We have put in place a policy to address any suspected data security breach and we will notify you and any applicable regulator or a suspected breach where we are legally required to do so.
How Long Will We Keep Your Information For
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:-
• As long as necessary to carry out your legal work
• For a minimum of six years from the conclusion or closure of your legal work; in case you, or we, need to re-open your case for the purposes of defending complaints or claims.
• Some information or matters may be kept for 20 years, such as files relating to child matters, as required by law.
What Are Your Rights
Under GDPR, you are entitled to access your personal data (otherwise known as “right to access”). If you wish to make a request, please do so in writing address to our Data Protection Officer, Craig Keenan, or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, data of birth, information regarding your health etc. – but it does not mean you are entitled to the documents that contain this data. Under certain circumstances, in addition to the entitlement to “access your data”, you have
the following rights:-
• The right to be informed: which is fulfilled by way of this privacy notice and our transparent explanation as to how we use your personal data
• The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete
• The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
· where the personal data is no longer necessary in regards to the purpose for which it was originally collected;
· where consent is relied upon as the lawful basis for holding your data and you withdraw your consent;
· where you object to the processing and there is no overriding legitimate interest for continuing the processing;
· where the personal data was unlawfully processed.
• The right to object: you have the right to object to processing based on legitimate interests. This right only applies in the following circumstances: you must have an objection on grounds relating to your particular situation; we must stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
• The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted we can store the data but not use it. This right only applies in the following circumstances: where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data; where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests) and we are considering whether our organisation’s legitimate grounds override your right; where processing is unlawful and you request restriction; if we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
Complaints About The Use Of Personal Data
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Craig Keenan who can be contacted on
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 or online at www.ico.org.uk
We do not use your personal data for any direct or indirect marketing purposes. We never send marketing communications. We do not pass or sell your details to any third party for marketing purposes.
Any questions regarding this notice and our privacy practices should be sent by email to
LEGAL AID AGENCY PRIVACY NOTICE
If the Community Law Partnership are applying for Legal Aid to fund your case the Legal Aid Agency’s Privacy Notice will also apply. Please see the attached document:-