Data protection notice – Olivia Whitcroft
My name is Olivia Whitcroft and I am a controller in relation to the processing of personal data when I provide legal consulting services, as described in this notice. I am based in the UK, and I am registered with the Information Commissioner’s Office, registration number: Z2818829.
Please contact me by email: email@example.com; or by phone: 07973 864858.
- I am not the controller where I handle personal data as a processor on behalf of my client whilst providing legal consulting services (so the client is deciding how and why such data is used). In these cases, my client is the controller and the relevant use of data is not covered by this data protection notice.
- I also run the law firm OBEP, which has a separate data protection notice – see www.obep.uk/privacy.html.
I collect and use personal data about my clients, potential clients and other business contacts in order to provide legal consulting services. This includes names, contact details, and the contents of communications with or about you.
As well as communicating with you using my communications systems (such as email), I may also connect with you or follow you on social media, in order to keep up to date with your activities and business issues of interest.
I may also use personal data:
- to comply with regulatory and other legal requirements, for example requirements of the Solicitors Regulation Authority (as I am a solicitor regulated by the them), and tax requirements of HMRC; and
- to protect or enforce my legal rights or in relation to any legal claims, for example if there is a dispute about the services I am providing.
3. Legal basis
My legal bases for processing of personal data are:
- processing necessary for my legitimate interests in providing legal consulting services, for example, to provide the services, to handle queries and complaints, to manage any complaints or disputes, to maintain appropriate records of communications, for billing and to manage my finances, and otherwise to manage my relationship with you or my client; and
- processing necessary to comply with a legal obligation, for example anti-money laundering legislation, or requirements of the Solicitors Regulation Authority or HMRC.
- processing necessary for the legitimate interests of another party, for example my client who is receiving legal services from me; and
- any other processing of personal data with your consent. I would provide you with more details of the proposed use of your data at the time of seeking consent. You may withdraw any consent you have given by emailing me at: firstname.lastname@example.org.
I may collect data directly from you, or from other people within your business or from other business contacts (for example, where relevant to the services I am providing).
Where I collect personal data from you relating to other individuals (e.g. your colleagues, customers, or other business contacts), I may rely on you to make such individuals aware that their details are being disclosed to and processed by me. Please direct such individuals to this notice for more information about how I may use their data.
I may also collect relevant information from publicly available sources, such as Companies House, the press, your website and social media.
5. Recipients and international transfers
I may share your data with other people, as follows:
- my clients (or my clients’ other advisors), where relevant and appropriate to the services I am providing. This may involve the transfer of data outside the UK if my client or its communications systems are located outside the UK;
- providers who help me with my email and accounting systems. Your data may be held on these providers’ systems. As at the date of this notice, my providers and I mainly hold data within the UK, but my accounting system provider may also hold back-ups outside the UK and the European Economic Area – see footnote. I seek to minimise personal data stored on this system and will not generally use individual names;
- my professional advisers, as relevant to the advice they are providing;
- regulatory and governmental bodies, for example the SRA and law enforcement authorities;
- providers of insurance services; and
- other parties where required or permitted by law, or with your consent.
My standard retention period for client data is eight years following closure of the relevant matter.
7. Your rights
You have rights in relation to your personal data, including the right to:
- access a copy of the data which I hold about you (as a controller);
- object to my processing your personal data (where my legal basis is legitimate interests);
- request a restriction on my use of your personal data;
- request that your personal data is corrected or erased; or
- if my processing is based on your consent, request that I provide you in a structured form with personal data which you have given to me (known as the right to “data portability”).
Please contact me for more information about these rights or if you wish to exercise them: email@example.com.
Note that there are certain exemptions to taking action where you exercise a right, which I will consider on a case by case basis.
You also have the right to complain to the Information Commissioner’s Office if you are unhappy about our use of your personal data. See www.ico.org.uk.