PWL gives you our commitment to protect and respect your privacy. We explain our Policy below as to when and why we collect personal data from our visitors to our website and our clients; how we use that data, the limited conditions under which we may have to disclose it to others and how we keep it secure.
We are likely to make changes to this Policy from time to time. We will always provide you with an up to date version where you are instructing us to act for you. We will also regularly review your consent to be bound by this Policy, and provide any information to you that you require to be clear on your rights under the GDPR. If there is anything within this Policy that you do not understand then please do feel free to ask us.
Our contact details are supplied below for you to address any questions regarding this Policy and our Privacy practices.
Who are we?
Patricia White Lawyer Ltd is a specialist civil and employment dispute resolution law firm based at Suite 11, Tower House Business Centre, Fishergate, York, YO10 4UA. Our trading name is PWL. We are regulated by CILEx Regulation Limited registration no. 2163508. Patricia White Lawyer Ltd is the ‘Controller’ of the personal data you provide to us.
The six lawful bases for processing the information you provide to us are:
(ii) Performance of a contract
(iii) Compliance with a legal obligation
(iv) Your vital interests
(v) Public interest
(vi) Patricia White Lawyer Ltd’s legitimate interests
How do we collect information from you?
We do automatically collect certain non-personally identifiable information when you visit our site – such as the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider. We obtain information about you from you when you complete an enquiry or onboarding form on our website and when you instruct us to act.
We use non-personally identifiable information to analyse site usage (such as aggregated information on the pages visited by our users), which allows us to improve the design and content of our site.
If we have acted for you previously we will still ask you to provide us with information whenever you instruct us. This gives us an opportunity to make sure that we hold accurate, appropriate and up to date information about you.
We collect information from you through our website enquiry and onboarding form, by telephone, email, and during face to face meetings with you. We collect as much information as possible at the beginning of our relationship with you and will ask for additional information as your case progresses.
What type of information is collected from you?
The personal data we collect will include the following:-
• your name (and any former name)
• email address
• contact telephone number(s)
• date of birth
• National Insurance number
• Passport/Driving Licence number
• Employment details
• Bank account details
We also scan and/or copy your photograph identification documents such as your passport or driving licence and a utility bill which we are required to do for compliance with money laundering regulations.
We collect the above information as part of the contract that you enter into with us when you instruct the firm. We are required to collect this information so that we can provide our services to you and also to ensure we comply with our legal obligations and regulatory requirements.
Our website provides the facility to make a payment. When you do so, we do not hold any of your card details; these are collected by a third party, Rapidpay, who are a secure online processor. If you make a card payment to us over the telephone we do not store your information once the transaction has been completed.
How is your information used?
Your information is used for the following and separate signed consents are required where indicated with an asterisk *:-
- Act on your instructions to provide you with our services
- Entering into communications with you
- Acting on your behalf under our contractual obligations to you
- Processing payments you make to us by debit or credit card
- Undertake due diligence and money laundering/identity check
- Transferring funds upon your request
- We will notify you of changes to the services we deliver
- We may seek feedback on our services
- Send you our newsletter with legal updates or marketing information*
- Storage of your documents once your case has concluded
What are Your Rights?
• Requesting access – Obtaining information regarding the processing of your personal information and access to the personal information which we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information. In particular, information that is subject to legal professional privilege will not be disclosed other than to our client and as authorised by our client.
• Requesting a correction – Requesting that we correct your personal information if it is inaccurate or incomplete.
• Requesting erasure – Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it.
• Objecting to processing – Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
• Request transfer – In some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit that information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us.
• Withdraw consent at any time – Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.
• Raising a Complaint – Lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us. We can, on request, tell you which data protection authority is relevant to the processing of your personal information.
We are legally required to hold some types of information to fulfil our statutory or legal obligations. We only hold your personal data on our systems for as long as is necessary for the relevant activity, or until conclusion of our contract with you.
Who has access to your information?
We do not sell or rent your personal information to third-parties for any reason including marketing purposes.
We may share your personal information with third parties, only to the extent necessary to run our business, provide a service to you, comply with the law, enforce our legal rights or because you have provided consent.
We will not disclose your information in any other circumstance unless we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. This may include the following:
• Third party agents/suppliers or contractors, in connection with the processing of your personal information for the purposes described in this Policy. This may include, but is not limited to, website hosting, IT and communications service providers.
• Third parties relevant to the services that we provide i.e. other Solicitors or Barristers, Experts, Courts or Tribunals.
Other third parties that we share your information with include:
• Our regulators – CILEx Regulation Limited
o Leap Case Management is a cloud-based client case management system storing all personal data through which information can be shared on Law Connect
o Zaliet website is an interactive platform providing facilities to clients and visitors to the website to process an enquiry online through enquiries, onboarding and appointment interactive tabs
o Rapidpay – Debit and Credit Card Payment Processors: When you make any debit or credit card payment at our offices, by telephone or via our website, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.
o Lawtap is an online diary system for making appointments direct into the company calendar providing name and contact details
o Google Analytics is a web analytics service offered by Google which tracks and reports website traffic
o Social media and review sites (Facebook, Twitter, LinkedIn, YouTube, Trustpilot) allow you to give us feedback so that we can improve our service. If you follow us or share posts we can share information with you that you might find useful
o MailChimp allows us to send, receive and track the emails we send to you
o Visual Website Optimiser is a website research and testing platform that allows us to improve our online experience for you by learning how you use our website
We may also share data with security consultants to help us get better at identifying spam. Some information we get may be collected by third party providers on our behalf.
To the extent required by law, regulation or court order, for example, if we are under a duty to disclose your personal information in order to comply with any legal obligation.
Where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process.
We will also monitor, and store any telephone, email or other electronic communications with you for training purposes so that we can check any instructions given to us and to improve the quality of our customer service.
Direct Marketing – Your choices
Patricia White Lawyer Ltd only actively markets products occasionally to our clients. You have a choice about whether or not you wish to receive information about our other services.
We will not contact you for direct marketing purposes by email, post, phone or text message unless you have given your prior consent.
If you choose to opt-in to our direct marketing communications, we will use your information to tell you about services available from us which may be of interest to you. We may also use your information to tell you about products and services which we can introduce from selected businesses. You can change your marketing preferences at any time by contacting us.
How long will the data be stored for?
Where possible, we will take steps to erase any personal data that is no longer necessary for the purposes for which it is collected or otherwise processed, or if you have withdrawn consent for its processing and retention.
As a general rule, if you enter into or took steps to enter into a contract with us we will store the data for a period of six years for compliance with our general legal obligations and for the exercise or defence of any legal claims.
Where a solution was not entered into, we will delete your information 12 months after the date you decide not to progress.
Under the GDPR, you have the right to ‘block’ or request the deletion or removal of personal data to prevent further processing. This right to erasure is also known as ‘the right to be forgotten’.
Specific circumstances in which you can request the deletion or removal of personal data include:
• where the personal data is no longer necessary for the purposes for which it is collected or otherwise processed
• where you withdraw consent
• when you object to the processing and there is no overriding legitimate interest for continuing the processing
• where the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
• where the personal data has to be erased in order to comply with a legal obligation
• in case a deletion is not possible due to legal, statutory or contractual retention periods, or if it requires disproportionate efforts or prejudices your legitimate interests, the data will be blocked instead of deleted.
Sharing of data with other data controllers
We take your privacy seriously and the information we hold about you is confidential. We will only disclose it outside of Patricia White Lawyer Ltd when:
• you have given us your consent to do so
• it is necessary for the performance of an agreement of which you will be made aware
• in order to obtain professional advice (e.g. legal advice)
• we or others need to investigate or prevent crime (e.g. to fraud prevention agencies)
• the law permits or requires it
• a regulatory or governmental body requests or requires it, even without your consent, or
• there is a duty to the public to reveal the information
Where sharing this information with other data controllers, we will obtain your explicit consent beforehand in order to do so.
If you give us false or inaccurate information and fraud (in any form) is identified, details will be passed to the fraud prevention agencies and/or Law enforcement agencies. We and other organisations may also share, access and use this information to prevent fraud and money laundering. We only share information if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public; or to detect, prevent, or otherwise address fraud, security or technical issues.
Links to other websites
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Any forms which are available on our website are powered by Jotforms, which is also bound by the EU General Data Protection Regulations. When you fill out a form, the data that you submit will be forwarded to Jotforms and will be collated into an email and sent to us. The data that you submit via the form will not be stored within our website’s own database; it will be populated into our LEAP case management system (which we have listed as a third party) if you instruct us to act for you.
Your data will remain within Jotform’s secure database in the EU for as long as we continue to use Jotform’s services or until you specifically request removal by emailing us. We consider JotForm to be a third party data processor. For more information, please see https://www.jotform.com/privacy/
Transferring your information outside of Europe
We may transfer your personal information outside of the European Economic Area.
If we do transfer your personal data outside the EEA:
• it will be because you have consented or because we have a legal reason to do so; and
• we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
Children 16 or Under
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal data, we take steps to ensure that it is stored securely and confidentially.
Emails: Your email address and the contents of any emails passing between us are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive such information, we store it securely and confidentially on our systems.
A cookie is a piece of data stored on a user’s hard drive containing information about the user. The information below explains the cookies we use on our website and why we use them:
• Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies,
Protecting your privacy
In order to protect the personal data collected from you by Patricia White Lawyer Ltd against accidental or deliberate manipulation, loss, destruction or the access of unauthorised persons, technical and organisational security measures are constantly improved as part of our technological development. In addition, our employees, subcontractors and other support staff are obligated to observe confidentiality and data privacy.
Wherever possible, we have tried to create a secure and reliable website for our users. However, you recognise that your use of the Internet and our website is entirely at your own risk and we have no responsibility or liability for the security of personal information transmitted via the Internet.
All passwords and usernames allocated to you if you choose to use Law Connect must be kept secret and must not be disclosed to anyone without our prior written authorisation. Where Law Connect is used as a forum to share documents with other parties involved in your case, your explicit consent will be sought beforehand.
You must not use any false identity in email or other network communications and you must not attempt or participate in the unauthorised entry or viewing of another user’s account or into another system.
You must not use the services and/or network systems or any part thereof for fraudulent activities, or to breach another organisation’s security (cross-network hacking). This is an illegal act and prosecution under criminal law may result.
We will monitor network traffic from time to time for the purposes of backup and problem solving and in order to ensure that you are not misusing any of the services provided to you.
If at any time we become aware that your data has been compromised, or that a breach of our systems and controls has occurred, which has an impact on the security of your data, we will notify the Information Commissioner’s Office, and you, without undue delay.
Subject Access Requests
You have the right to request access to a copy of the personal information that we hold about you. This is also known as a ‘Subject Access Request’. This information is provided to you free of charge; however, we can refuse to respond or charge a ‘reasonable fee’ of £10 inc. VAT when a request is manifestly unfounded, excessive or repetitive.
If you would like a copy of the information we hold on you, or believe that we are holding information about you which is incorrect or incomplete, please write to:
Patricia White Lawyer Limited
Compliance Unit, Suite 11, Tower House Business Centre, Fishergate, York, YO10 4UA
Phone: 07484 709 854
We will respond to your request without delay and at the latest, within one month of receipt of your request.
Rectifying or updating personal data
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you believe the personal data we hold about you is inaccurate or incomplete, you have the right to rectification. You can let us know about any changes to be made. Where possible, we will also inform any third parties to whom we have disclosed the personal data in question, so that they can rectify their records.
We will typically respond to your request within one month, although this can be extended by two months if your request for rectification is complex.
You have the right to ask for a copy of the information we hold about you.
Right to complain
If you have a complaint about any aspect of data protection or if you feel your privacy has been breached by us, we would like to hear from you. To help us investigate and resolve your concerns as quickly as possible, please contact:
Patricia Mary White – Compliance Manager
Suite 11, Tower House Business Centre, Fishergate, York, YO10 4UA
Phone: 07484 709 854
If you are unhappy with the final response you have received from us you have the right to complain to the supervisory authority, the Information Commissioner’s Office (ICO) within three months of your last meaningful contact with us. You can call the ICO on 0303 123 1113 or visit https://ico.org.uk.
Due to potential further development of our website, government regulations or the implementations of new technologies, this policy will be reviewed, and may change, from time to time. Patricia White Lawyer Ltd reserves the right to change this data protection information at any time with effect for the future.
The revised policy will be posted to the website and a copy sent to current clients at the time of the revision. We are committed to ensuring that our website visitors and our clients are always aware of the information we collect, how we use it and under what circumstances we disclose it. We also recommend you read the current data protection information again from time to time.
How to contact us and other important information
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or the exercise of any of the rights listed above, please contact us. You can do this by writing to us at Suite 11, Tower House Business Centre, Fishergate, York, YO10 4UA or by email to email@example.com.
Review of this Policy
We keep this Policy under regular review as we consider changes are applied to how we provide our services, regulatory requirements and changes in legislation. Our latest update is 8 May 2019 due to changes to the added online payment facility, website enquiry, onboarding forms and facility to enter personal data to make appointments direct into our calendar, which are completed by visitors to our website, and current clients.
Last updated: 8 May 2019