WHAT IS THIS?
1. Hopkins Law and Hopkins Equity Law take privacy seriously and we are committed to protecting the data you provide to us.
2. This policy explains when and why we collect personal data about you, how this data is used, the conditions under which it may be disclosed to others, and how it is kept secure.
3. This policy may change from time to time so please re-visit this page occasionally to ensure that you are happy with any changes.
WHO WE ARE
4. Hopkins Law and Hopkins Equity Law are the two trading names of Hopkins Law Limited.
5. Hopkins Law Limited is a limited company with registered company number 6919237 and its registered office is at 20 Windsor Place Cardiff CF10 3BY.Hopkins Law is the controller of your personal data when you engage it to provide services to you; this means that Hopkins Law decides why and how your personal data is processed. Hopkins Law is registered with the Information Commissioner under registration number Z1984194.
6. Where this policy refers to “Hopkins Law “, “Hopkins Equity Law l”, “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to the particular company that is the controller of your personal data.
HOW WE COLLECT YOUR PERSONAL DATA
7. We may collect and process the following information about you in the following ways.
8. We may receive information about you from you or third parties when we are acting for a client and we are required to obtain information about you, for example if you are a beneficiary of an estate or a party or a witness in a litigation case. The information we receive may include your contact details, identification information, financial information, employment information and details included in any correspondence and information about you in connection with any matter on which we are engaged to advise our client (including biographical and personal/circumstantial details). Where we receive information about you, we will only use that information for the purposes of the legal transaction.
Information that you give to us
10. The information you give to us mainly includes your contact details, identification information, financial or billing information, employment information and details included in any correspondence and information about you in connection with any matter on which we are engaged to advise you (including biographical and personal/circumstantial details to help us pursue or defend your case).
Information we receive from other sources
11. We may receive information about you from third parties. For example from:
|In transactional mattersLaw firms, accountants and other professional advisors acting for you where our client is a party to or otherwise concerned in the course of, for example:a commercial or domestic property transaction; a family, trust or probate matter; and due diligence.|
|In Family and Child care mattersLaw firms, counsel, experts and other professional advisors acting for you or for us on your behalf, or from third parties, where our client is a party to or otherwise concerned in the course of, for example:mediation and other forms of alternative dispute resolution; potential or actual litigation; disclosure, exchange of witness or expert evidence; and obtaining employment, heath, educational records or reports.|
|Customers of financial institutionsBanks, building societies and finance companies, where you are their customer/debtor, who are clients of ours or from whom we are given or request information.|
|Clients acting in a representative capacityPersonal representatives, attorneys, trustees, who may provide us with information in connection with a matter which we are conducting for a client. Friends, family members or colleagues who may provide information to us about you as part of the work we undertake for them, for example where you are or may be: |
– a beneficiary of an estate or trust;
– appointed by them in some representative capacity, such as executor; or
– a subject in or a witness in a Family or Child Care matter.
|Our peopleRecruitment consultants who may provide information about you to us in relation to a potential job at Hopkins Law; Employers who may provide a reference on you to us; Court agents, court officers and trace agents.|
|RegulatoryRegulatory bodies when making regulatory enquiries; The police when making enquiries into potential criminal offences.|
|Introducers and referrersProfessional advisers who may refer your case or matter to us. Any other introducer of a case or matter to us.|
12. We may supplement the personal data collected from you with information from publicly available sources, such as information to validate your identity or address, or to perform a credit check.
13. The information that we receive about you from others mainly includes contact details, biographical, behavioural, fraud, billing and legal information.
14. Please note that your provision of documents for identity verification purposes is necessary for us to comply with our legal and statutory obligations. Failure to provide these documents will result in our being unable to undertake identity verification as required by the Money Laundering Regulations 2017 and, subsequently, we will not be able to act for you or the organisation instructing us, as applicable.
TYPE OF PERSONAL DATA WE PROCESS ABOUT YOU
15. As a law firm dealing with cases and matters, we may process a range of personal data about you. To make it easier to understand the information that we use about you, we have divided this information into categories in the table below and provided a short explanation of the type of information each category covers (please note that not all categories may be applicable to you):
|Category||Personal data included in this category|
|Banking/Billing||information used to send/receive funds to/from you or that appears on your bills|
|Biographical||your life experiences and circumstances|
|Cardholder||your payment card details|
|Contact||information which can be used to address, send or otherwise communicate a message to you (ie email address, postal address, employer name and job title)|
|Correspondence||information contained in our correspondence or other communications with you or about you, about our products, services or business|
|Employment||your previous, current or future employment details|
|Identification||information contained in a formal identification document or social security or other unique reference relating to you|
|Legal||information relating to legal claims made by you or against you or the claims process|
|Monitoring||we may record phone calls and retain transcripts of dialogue either for our records or for training purposes.|
|Sensitive/Special Categories of Personal Data||your racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, any personal data that relates to your health, sex life, sexual orientation or criminal offences or records or any genetic or biometric data about you|
HOW AND WHY WE USE YOUR PERSONAL DATA
16. We may use the information we collect about you in the following ways:
Where it is necessary for us to perform a CONTRACT with you
17. We may use and process your personal data where we have supplied you (or continue to supply you) with any legal services, where we have arranged for the supply of another firm’s services to you, or where you are in discussions with us about a particular matter on which you are considering taking advice.
18. We will use your information in connection with the contract for the provision of services when it is needed to carry out that contract or for you to enter into it.
19. We may also use and process your personal data in connection with our recruitment activities, if you apply for a position with us (whether directly or through a third party) or send your details to us on a speculative basis.
Where we have a LEGITIMATE INTEREST
20. We may use and process your personal data where it is necessary for us to pursue our legitimate interests as a business for the following purposes;
- to carry out our conflict checks to ensure that we are able to provide services to you;
- to enter into and perform the contract we have with your business;
- to assess and improve our service to clients through recordings of any calls;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of the data that we hold about you and to create a better understanding of you as a client;
- to undertake analysis to inform our business and marketing strategy;
- to manage and deliver internal projects for business improvement;
- for network and information security purposes to enable us to take steps to protect your personal data against loss or damage, theft or unauthorised access;
- to comply with a request from you in connection with the exercise of your rights (for example, where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- to assist in the management of queries, complaints or claims;
- for the establishment, exercise or defence of our legal rights.
Where you have provided CONSENT
21. Please note that your information may be used to send you details of events that we have identified as likely to be of interest to you, based on the preferences you have indicated to us.
22. We will seek separate and specific consent from you in circumstances where we wish to feature your identity in a published case study, press release, advertisement or testimonial or wish to include your image in a photograph or video in connection with public relations or promotional activities.
23. You have the right to withdraw your consent at any time. Please see Withdrawing your consent for further details.
Where required by LAW
24. Where you engage us to provide legal services to you, we will need to process your personal data and the personal data of third parties in order to comply with our legal obligations, for example under the Family Procedure Rules. We also have a legal obligation to comply with the SRA’s Code of Conduct and the Financial Conduct Authority Handbook.
25. It is also a legal requirement for you to provide us with information to verify your identity in connection with anti-money laundering and criminal financing legislation. We will use that information for the purpose of complying with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (or such other legislation that may replace or supersede these Regulations from time to time) unless we have obtained your consent to use it for any other purpose.
26. We may also use and process your personal data in order to comply with other legal obligations to which we are subject, as follows:
- to maintain a register of corporate gifts and hospitality to comply with anti-bribery laws;
- to maintain a record of undertakings where you are either a beneficiary of an undertaking or the person obliged to perform it;
- to maintain a record of undertakings where Hopkins Law is the giver or receiver of an undertaking; and
- to comply with our other legal and regulatory obligations, e.g. undertaking conflict checks.
In the VITAL INTERESTS of the individual
27. From time to time in the course of representing individuals who may be troubled, in danger, very young or otherwise unable to exercise due care for their own safety, we may in extreme circumstances use information about our client or a person connected with them in order to take action to protect them.
Special categories of personal data
28. We may need to use more sensitive personal data (known as “special categories of personal data”) about you or others associated with you, for example your family/carers. We will only use this kind of information where:
- we have your explicit consent;
- it is necessary for us to use this information to protect your vital interests or those of another person where it is not possible to obtain consent;
- it is necessary for us to do so in connection with the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; or
- in exceptional circumstances, another of the grounds for processing special categories of personal data are met.
29. Where you have provided us with explicit consent to use special categories of personal data about you, you may withdraw your consent for us to use this information at any time. Please see Withdrawing your consent for further details.
30. Please note that if you choose to withdraw your consent for us to use special categories of personal data about you, this may impact our ability to provide legal or support services to you.
OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL DATA
Our suppliers and service providers
31. Our work for you may require us to provide information to third parties who will use your information for the purposes of providing services to us or directly to you on our behalf. Such third parties may include Insurers, for example.
32. When we use third party service providers, we only disclose to them any personal data that is necessary for them to provide their services and we have an agreement in place that requires them to keep your data secure and not to use it other than in accordance with our specific instructions.
Others involved in your case or matter
33. Our work for you may require us to provide information to third parties such as law firms, accountants, counsel, expert witnesses, medical professionals and other professional advisers, who will use your information in connection with your case. They may provide their own services directly to you.
34. Where we are engaged by a third party such as a bank or lender in connection with your contract with them, we may share information with that third party about the progress of the case.
35. Any third party to whom we disclose information about you will be under an obligation to keep your information secure and not to use it for any purpose other than that for which it was disclosed unless you agree with them otherwise.
Credit/debit card payment processors
36. All payment information is handled using encrypted technology and we are compliant with the Payment Card Industry Data Security Standards (PCI-DSS). Where you make a payment to us by credit or debit card, we will use the payment card information only for the purpose of processing that specific transaction.
37. No credit or debit card details are stored once your payment has been processed and the transaction is completed.
38. When you pay for any services over the telephone, your credit/debit card payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy.
Other ways in which we may share your personal data
39. We may transfer your personal data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal data if we are under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to protect your vital interests, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and clients. However, we will always take steps to ensure that your privacy rights continue to be protected.
WHERE WE STORE YOUR PERSONAL DATA
40. All information you provide to us for our use is stored on our secure servers which are located within the UK and the European Economic Area (EEA).
41. The third parties listed under Others who may receive and have access to your personal data may be located outside of the EEA or they may transfer your data outside of the EEA. Those countries may not have the same standards of data protection and privacy laws as in the UK, which means additional safeguards must be put in place. Whenever we transfer your data outside of the EEA, we impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the UK. We may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing. Any third parties transferring your data outside of the EEA must also have in place appropriate safeguards as required under data protection law.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA FOR
42. If we collect your personal data, the length of time for which we retain it is determined by a number of factors including the type of data, the purpose for which we use that data and our regulatory and legal obligations attached to this use. We do not retain personal data in an identifiable format for longer than is necessary.
43. We maintain internally a full schedule of types of data and the specified period of time we will retain this for.
44. Typically, the retention criteria are as follows for the following data types:
|Data category / document||Retention period/criteria|
|Client/customer data||Retention in case of queries or claims. We will retain client files for a minimum of 7 years.|
Retention of data about potential instructions. We will keep this data for a period of 6 months up to 7 years, depending on the type of transaction.
Retention in accordance with legal and regulatory requirements. We will carefully consider whether we need to retain your personal data after the period described above in case of a legal or regulatory requirement.
|Recruitment data||We will retain your application data for up to 12 months following receipt of your application.|
45. The only exceptions to this are where:
- the law requires us to hold your personal data for a longer period, or delete it sooner;
- you exercise your right to have the data erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see Erasing your personal data or restricting its processing); or
- in limited cases, the law permits us to keep your personal data indefinitely provided we have certain protections in place.
46. You have a number of rights in relation to your personal data under data protection legislation. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity; or (ii) where we do not need to do this because we already have this information, from the date we received your request.
Accessing your personal data
47. You have the right to ask for a copy of the data that we hold about you by emailing our Data Privacy Manager Kerry Mordey email@example.com or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal data if it concerns other individuals or we have another lawful reason to withhold that data.
Correcting and updating your personal data
48. The accuracy of your data is important to us. If you change your name or address/email address, or you discover that any of the other data we hold is inaccurate or out of date, please let us know by contacting us using the details set out at the end of this policy.
Withdrawing your consent
49. Where we rely on your consent as the legal basis for processing your personal data, as set out under How we use your personal data, you may withdraw your consent at any time by emailing firstname.lastname@example.org (please use “Withdrawal of consent” as the subject heading of your email).
50. If you would like to withdraw your consent to receiving any email communications as described under paragraphs 21 to 22 you can do so by emailing email@example.com (please use “Withdrawal of consent” as the subject heading of your email).
51. If you withdraw your consent, our use of your personal data before you withdraw your consent is still lawful.
Objecting to our use of your personal data made about you
52. Where we rely on our legitimate interests as the legal basis for processing your personal data for any purpose(s), as set out under How we use your personal data, you may object to our using your personal data for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal data, we will temporarily stop processing your personal data in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection legislation, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data.
53. You may object to us using your personal data for direct marketing purposes and we will immediately comply with your request. If you would like to do so, by emailing firstname.lastname@example.org (please use “Withdrawal of consent for marketing purposes” as the subject heading of your email).
Erasing your personal data or restricting its processing
54. In certain circumstances, you may ask for your personal data to be removed from our systems by emailing or writing to us at the address at the end of this policy. Provided we do not have any continuing lawful reason to continue processing or holding your personal data, we will make reasonable efforts to comply with your request.
55. You may also ask us to restrict processing your personal data where you believe our processing is unlawful, you contest its accuracy, you have objected to its use and our investigation is pending, or you require us to keep it in connection with legal proceedings. We may only process your personal data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Transferring your personal data in a structured data file
56. Where we rely on your consent as the legal basis for processing your personal data or need to process it in connection with your contract, as set out under How we use your personal data, you may ask us to provide you with a copy of that data.
57. You can ask us to send your personal data directly to another service provider and we will do so if this is technically possible. We may not provide you with a copy of your personal data if this concerns other individuals or we have another lawful reason to withhold that data.
Complaining to the UK data protection regulator
58. You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal data. Please visit the ICO’s website for further details.
SECURITY AND LINKS TO OTHER SITES
Security measures we put in place to protect your personal data
59. The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your personal data, we have in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Links to other websites
61. If you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
Use of ‘cookies’
MARKETING AND OTHER COMMUNICATIONS
64. If you are a client or contact of Hopkins Law, we may contact you personally to notify you of events/information that may benefit you or your business.
65. We will never share your information with third party partners for their own marketing uses, although we may use service providers to assist us with our own marketing.
66. If you would like to change your preferences at any point, or wish to withdraw your consent, please do so, by emailing email@example.com.
67. Please direct any queries about this policy or about the way we process your personal data to our Head of Privacy and Data Protection using the contact details below.
68. Please write to the Head of Privacy and Data Protection at Hopkins Law 20 Windsor place Cardiff CF10 3BY. Our email address for data protection queries is firstname.lastname@example.org. If you would prefer to speak to us by phone, please call 02920 395888.
This policy was last updated on 19 May 2019 and will be reviewed next by 20 May 2019.P