Reena Ghai LBB Hons Solicitors is registered with the Information Commissioner’s Office
The Data Protection Officer (DPO) has the responsibility of ensuring Compliance with the new General Data Protection Regulation (GDPR) 2018.
Our private policy explains how we use any personal information we collect about clients who use our services or staff.
Glossary of Terms
What is personal data?
Personal data relates to any information about a natural person that makes you identifiable which may include (but is not limited to):
- Names and contact information i.e. email and telephone numbers
- National Insurance Numbers
- Employment history
- Personal tax
What is sensitive personal data?
Sensitive personal data refers to the above but includes genetic data and bio-metric data. For example:
- Medical conditions
- Religious or philosophical beliefs and political opinions
- Racial or ethnic origin
- Bio-metric data (e.g. photo in an electronic passport)
What is a Data Controller?
For general data protection regulation purposes, the “data controller” means the person or organisation who decides the purposes for which and the way in which any personal data is processed.
What is a Data Processor?
A “data processor” is the firm Reena Ghai LLB Hons Solicitors which processes personal data for the controller in respect of family or mediation work.
What is Data Processing?
Data processing is any operation or set of operations performed upon personal data, or sets of it, be it by automated systems or not. Examples of data processing explicitly listed in the text of the GDPR are: collection, recording, organising, structuring, storing, adapting, altering, retrieving, consulting, using, disclosing by transmission, disseminating or making available, aligning or combining, restricting, erasure or destruction.
The DPO has the necessary skills for this position which are detailed below:
- Understanding in data protection laws and practices
- An understanding of the GDPR
- Understanding of data processing operations and data security
- Knowledge of the relevant business sectors to the firm
- Good communication skills
- Ability to promote a data protection culture within the firm.
What Information do we collect?
The Data Controller is bound by the requirements of the General Data Protection Regulations (GDPR).
Clients agrees that the firm is entitled to obtain, use and process the information the client provides to the firm to enable the firm to discharge the Services (as defined in our Terms and Conditions) and for other related purposes including;
- Updating and enhancing client records
- Legal and regulatory compliance
- Crime prevention.
Use of Information
Reena Ghai LLB Hons Solicitors take client’s privacy seriously and will only use client’s personal information to provide the Services they have requested from the firm as detailed in our Letter of Engagement. The firm will only use the information subject to client’s instructions, data protection law and our duty of confidentiality.
We may receive personal data from clients for the purposes of our money laundering checks, such as a copy of passport. This data will only be processed for the purposes of preventing money laundering and terrorist financing, or as otherwise permitted by law or with client’s express consent.
Our work for you may require us to pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing the services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the services.
We will not share client’s information for marketing purposes with companies so that they may offer client’s their products and services.
Access to Information, Correction, Portability and Deletion
What is a Subject Access Request?
This is a client’s right to request a copy of their information that we hold.
If a client would like a copy of some or all their personal information, this must be done in writing to Reena Ghai LLB Hons Solicitors, Stable Cottage, 42 High Street, Cranford, TW5 9RU or mail firstname.lastname@example.org.
Reena Ghai will respond to the request within one month of receipt of the request.
The firm will ensure that client’s personal information is accurate and up to date, therefore the client may ask us to correct or remove information they think is inaccurate by writing/emailing to the above address.
Deletion of Personal Data
In line with the firm’s policy:
After completing work on a matter, the firm is entitled to keep certain papers while there is any money owing in respect of our charges and expenses.
We will keep our file of papers, except for any which the client has asked to be returned. Paper files are kept in accordance to SRA REGULATIONS for at least six years and on the understanding by the client that we have their authority to destroy it after six years from the date of the final bill, unless the client wishes their personal data be destroyed earlier.
Objections to Processing of Personal Data
It is the client’s right to lodge an objection to the processing of their personal data if they feel the “ground relating to their particular situation” apply. The only reasons we will be able to deny client’s request is if we can show compelling legitimate grounds for the processing, which override client’s interest, rights and freedoms, or the processing is for the establishment, exercise or defence of a legal claims.
It is also client’s right to receive the personal data which they have given to us, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without delay from the current controller (case transfer) if:
(a) The processing is based on consent, and
(b) The processing is carried out by automated means.
Client’s Right to be Forgotten
Should the client wish for us to completely delete all information that we hold them this must be done in writing to Reena Ghai LLB Hons Solicitors, Stable Cottage, 42 High Street, Cranford, TW5 9RU or mail email@example.com. .
If the client feels that their personal data has been processed in a way that does not meet the GDPR, they have a specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner’s Office.
Reena Ghai LLB Hons Solicitors act in compliance with the following Acts:
- Terrorism Act 2000
- Proceeds of Crime Act 2002
- Anti-Bribery Act 2008
- Equality Act 2010
- Criminal Finances Act 2017
- Money Laundering Regulation 2017
- Office of Financial Sanctions Implementation (OFSI) Policy