For individuals who are clients of SampsonLegal or are making enquiries with a view to becoming clients
This statement describes my processing of your personal information and the rights you have in connection with that processing. It uses a few terms which have special meanings:
“matter” is the general term solicitors use to refer to a client’s project, transaction, dispute and other affairs
“SRA” is the Solicitors Regulation Authority, which has statutory powers for regulating solicitors
“criminal-offence information” is information about any criminal offences which you have committed, or are alleged to have committed, and any related proceedings
“special-category information” is information concerning your race or ethnicity; physical or mental health; sexual orientation or sex life; genetic data; biometric data used for identification purposes; beliefs of a religious, philosophical or similar nature; political opinions; trade union membership.
How and why I process your personal information
I will acquire information about you and your affairs from you, other people involved in your matter (your staff, your accountant, other parties to the transaction or dispute, etc), official sources, and the internet. I will record our telephone calls and meetings in order to maintain an accurate record of our conversations.
I will use this information for the following purposes:
- Providing my service to you and collecting and processing my charges
- Providing you with information
- Complying with money-laundering and terrorist-financing laws
- Avoiding conflicts of interest
- Keeping proper business records (timesheets, accounts, copies of invoices, etc)
- Obtaining professional indemnity insurance
- Dealing with complaints and claims against me
For more information about this, see further information.
You have complete control over what information you provide, but my advice is likely to be inadequate or inappropriate if you withhold any and I may have to stop working for you.
Storage and retention
All information relating to one of your matters will be stored in a separate file on SampsonLegal equipment in the UK in accordance with my Personal Information Policy, Security Policy, and File Retention and Disposal Policy. In summary:
- When I have finished working on your matter the file will be transferred to an encrypted offline archive, where it will be kept for 15 years in case it is needed in connection with a claim
- Your name and contact details will be kept in my contacts database until our relationship appears to have come to an end
- Information kept solely for the purpose of complying with money-laundering and terrorist-financing legislation will be kept for 5 years after I believe my business relationship with you has come to an end.
I will not transfer your personal information outside the UK/EU without obtaining your explicit consent first, but please note that emails can take any route during transmission and even UK-to-UK emails could appear on equipment outside the UK/EU, where they may not be protected by strong privacy or data protection laws. We can discuss alternative arrangements if this concerns you.
My duty to keep information about you and your matters confidential is set by law and SRA Standards and Regulations. In essence, I have to keep it confidential unless I need to disclose it in the course of providing my service to you, you have given me permission to disclose it, or I am required to disclose it by law or a court order.
I take steps to reduce the risk of data being lost and of unauthorised access and changes to files:
- Computer files are backed up twice each day
- Files are removed from the firm’s computers when the work is complete
- All data is encrypted using strong passwords
- Papers are scanned into the computer file and then shredded or delivered by tracked-and-signed-for post
- It is very rare for other people to have access to my office, and when they do they are closely supervised, all computers are locked, and all papers are placed in a filing cabinet
- My office is kept locked whenever it is unattended and it is alarmed whenever the building is unattended.
This is documented in office policies and procedures which are reviewed every year.
The UK General Data Protection Regulation and the Data Protection Act 2018 govern my processing of your personal information. Various conditions and exemptions apply, but in general you have the right:
- To insist that I stop using your personal information for direct marketing
- To withdraw your consent to my processing of your personal information at any time – but this is only relevant where your consent provides the legal basis for my processing
- To ask for a written explanation of how and why I am processing your personal information, the legal basis for that processing, and who I have disclosed it to or intend disclosing it to
- To ask for a copy of the information
- To ask me to provide a copy of the information, either to you or to a third party, in a common and structured electronic format – but this only applies where the legal basis for my processing is your consent or that it is necessary for the performance of my contract with you
- To ask me to correct, supplement or delete the information
- To ask me to restrict my processing – you may want to do this if you have asked me to correct or supplement the information and I am considering your request
- To object to my processing
- To complain to the Information Commissioner’s Office (ico.org.uk/concerns/ 0303 123 1113) about my processing or my response to your requests and objections, but you should approach me first as the ICO will usually want to know that you have raised your complaint with me and that I have failed to resolve it to your satisfaction
- To take legal action in order to obtain compensation for my breaches of the legislation.
I will respond appropriately within one month of receiving your request for any of the above.
This section contains further information about my processing.
Except where an additional or alternative basis is stated below, the legal basis for all my processing of personal information is my legitimate interest in that processing due to it being necessary for the proper running and operation of a regulated law firm.
The processing only includes special-category and criminal-offence information where it is mentioned.
I do not make decisions based solely on automated processing of personal information.
Providing my service to you and collecting and processing my charges
I will use the information to advise you and to generate my invoices and collect payment. This includes criminal-offence information where the processing is necessary for legal proceedings or obtaining or providing legal advice, and both criminal-offence and special-category information where the processing is necessary in order to establish, exercise or defend legal claims.
I may use your name and contact details to obtain information about you from credit reference agencies (including their assessment of your creditworthiness) so that I can feel confident that my charges will be paid promptly. This information will be deleted when I have decided how much credit to allow you.
Providing you with information
I may use your contact details and my knowledge of your activities and interests to email you information about legal issues which I believe may be of benefit or interest to you. I will stop doing this if you ask me to.
Complying with money-laundering and terrorist-financing legislation
An additional legal basis for this processing is that it is necessary in order for me to comply with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 and the Proceeds of Crime Act 2002.
I may use the information to verify your identity, to assess whether money-laundering or terrorism-financing might be taking place, and to inform the appropriate authorities if I suspect that it is. This includes special-category and criminal-offence information as this processing is for the purpose of complying with a regulatory requirement and involves taking steps to establish whether you or another person have committed an unlawful act or omission, or have been involved in dishonesty or other seriously improper conduct.
Avoiding conflicts of interest
Your name, a brief description of your matter, and the names of any third parties involved, will be entered in a register I use to check for potential conflicts of interest ( i.e. conflicts between your interests and those of my other clients) so that I can avoid them. This information will be deleted from the register when your matter is deleted from my archive.
Additional legal bases for this processing are: (i) it is necessary in order for me to comply with SRA Standards and Regulations and with the common law regarding a solicitor’s duty to his clients; and (ii) my other clients have a legitimate interest in my identifying conflicts of interest as they could be adversely affected by them too.
Keeping proper business records
Information about you and your matters will be included in timesheets, accounts, invoices, etc.
An additional legal basis for this processing is that it is necessary in order for me to comply with tax legislation and SRA Standards and Regulations.
Obtaining professional indemnity insurance
I may disclose information about you and my work for you to insurers and brokers if it is relevant to my insurance or application for insurance (e.g. if there has been a complaint about my service or an actual or potential claim against me). I will disclose the information in confidence, but their processing of the information will not be within my control or subject to my data protection policies or procedures.
Additional legal bases for this processing are: (i) it is necessary in order for me to obtain and maintain insurance in accordance with the SRA Indemnity Insurance Rules; (ii) insurers and brokers have a legitimate interest in having the information in order to decide whether to insure me and on what terms; and (iii) my other clients have a legitimate interest in my having insurance cover so that adequate resources will be available to satisfy any claims they may make.
Dealing with complaints and claims
I will use information about you and your matter to deal with, and where necessary defend, any complaints or claims which concern my work, my service or my behaviour. This may include special-category and criminal-offence information where the processing is necessary in order to establish, exercise or defend legal claims.
I may need to transfer my file for your matter to another firm of solicitors and/or my insurer so that they can deal with the complaint or claim.
An additional legal basis for this processing is that it is necessary in order for me to comply with SRA Standards and Regulations.
The SRA logo: important privacy warning
Every law firm regulated by the SRA is required to display this logo on its website. If you click on it the device you are using will be connected to the IT systems of the Japanese company that operates this logo scheme for the SRA. I have no relationship with that company and I cannot control what information it or the SRA will collect from your device, how or where that information will be stored, if or how it will be protected, how it will be used, or who they will share it with. Nor can I guarantee that they will respect your rights under UK or EU legislation. If you would like more information about any of these matters you should contact the SRA, but if you simply wish to verify that this website is SampsonLegal’s and that SampsonLegal is regulated by the SRA, I recommend that you use the SRA’s law-firm search facility instead.