This notice is addressed to individuals who are clients of SampsonLegal or are making enquiries
“matter” is the term solicitors use to refer to their client’s project, transaction, dispute, etc.
“SRA” refers to the Solicitors Regulation Authority.
All information relating to your matter is stored in a dedicated matter file on SampsonLegal computers in the UK. This includes telephone calls, which are recorded for this purpose. When the matter is finished the file will be removed from those computers and archived offline. The archive will be kept for 15 years in case it is needed in connection with a claim. It will not be accessed otherwise. It will then be destroyed unless it is needed for a claim.
I will not intentionally transfer your personal information outside the EU without obtaining your explicit consent first, but emails can take any route during transmission and emails exchanged between two people in the UK could appear on equipment in countries outside the EU, where they may not be protected by strong privacy or data protection laws. If you have any concerns about this, please raise them with me so that we can discuss alternative arrangements.
I have a legitimate interest in pursuing each of the purposes for which I process your personal information, and that provides a legal basis for the processing. There may be an additional basis, and where there is it appears in red text below.
Your name and contact details – These come from you and are stored in my contacts database as well as the matter file. As well as using them in connection with the matter, I use them to obtain financial information about you from credit reference agencies so that I can feel confident that I will be paid promptly, and for telling you about legal issues and services which I believe may be of interest to you. This financial information will be deleted once I have decided how much credit to allow you. Your name and contact details will be deleted from my contacts database when our relationship appears to have come to an end.
Other information – This comes from you, other people involved in the matter (your staff, your accountant, other parties to the transaction or dispute, etc), official sources like Companies House, and the internet. I use it for:
- Providing my service to you and collecting and processing my charges. Where you are my client, this is necessary for the performance of my contract with you.
- Keeping records of your identity and your matters, assessing the likelihood that money laundering or terrorism financing might be taking place, and notifying the appropriate authorities if necessary. Sometimes this is necessary for complying with my legal obligations under the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017. Unless there is a change in the law, information kept solely for this purpose will be deleted 5 years after I believe my business relationship with you has come to an end.
- Avoiding conflicts between your interests and those of my other clients – your name, a very brief description of the matter, and the names of any third parties involved, are kept in a register for this purpose. They will be deleted when the matter file is. My other clients have a legitimate interest in this and it is necessary for complying with my legal obligations under common law and the SRA code of conduct for solicitors.
- Keeping business records (timesheets, accounts, copies of invoices, etc). This is necessary for complying with my legal obligations under tax legislation and the SRA code of conduct for solicitors.
- Dealing properly and fairly with complaints. This is necessary for complying with my legal obligations under the SRA code of conduct for solicitors and, where you are my client, for the performance of my contract with you.
- Obtaining professional indemnity insurance and processing insurance claims. This is necessary for complying with my legal obligations under the SRA Indemnity Insurance Rules 2013.
- Dealing with claims against me.
You decide what information you provide, but:
- My advice may be inadequate or inappropriate if you withhold relevant information, and ultimately I may be unable to continue advising you.
- If I need information to help me assess the likelihood that money laundering or terrorism financing might be taking place, I will have to stop work until you provide it.
I do not make any decisions based solely on automated processing of personal information.
My duty to keep information about you and your matters confidential is set by law and the SRA’s code of conduct for solicitors. In summary, I have to keep it confidential unless: (i) I need to disclose it in the course of providing my service to you; (ii) you have given me permission to disclose it; or (iii) I am required to disclose it by law or a court order.
If a claim is made against me, or SampsonLegal closes, I may need to transfer my matter files to another firm of solicitors and/or my insurer so that they can deal with any claims against SampsonLegal and/or the insurer. They will have a legitimate interest in having the files for this purpose and they will process your personal information in accordance with their own data protection policies.
To protect your information:
- Computer files are backed up twice each day.
- Precautions are taken to reduce the risk of unauthorised access and changes to matter files. This includes removing them from SampsonLegal computers when my work is complete and transferring them to an offline archive.
- Data on computers, phones, backups, archives and removable memory of any kind is encrypted using strong passwords.
- Most papers are shredded as soon as they have been scanned for the computer file. Those which need to be retained are locked away when they are not being used. When the matter file is archived, important papers will be sent by tracked post to you or the appropriate person and the rest will be shredded.
- Third parties very rarely have access to my office and when they do they are closely supervised, all computers are locked, and all papers are locked away.
- My office is kept locked whenever it is unattended and it is alarmed whenever the building is unattended.
This is all documented in office policies and procedures and they are reviewed every year.
The General Data Protection Regulation governs my processing of your personal information and, subject to various conditions and exemptions, gives you the right:
- To insist that I stop using your personal information for direct marketing
- To withdraw your consent to my processing at any time – this is only relevant where your consent is the legal basis for my processing, and I will still have a legitimate interest in retaining the information in my archived matter file and will do so
- To ask for a written explanation of how and why I am processing your personal information, the legal basis for that processing, and who I have disclosed it to or intend disclosing it to
- To ask for a copy of the information – where I am processing it on the basis of your consent, or on the basis that it is necessary for the performance of my contract with you, you have the right to ask me to provide it to you or a third party in a common and structured electronic format
- To ask for the information to be corrected or supplemented
- To ask me to restrict my processing – you may want to do this if you have asked me to correct the information and I am considering your request
- To object to my processing
- To ask me to delete the information – but I will still keep a copy of it in my archived matter file
- To complain to the Information Commissioner’s Office (ico.org.uk/concerns/ 0303 123 1113) about my processing or my response to your requests and objections – the Office will usually want to know that you have already raised your complaint with me and that I have failed to resolve it to your satisfaction, so please contact me first
- To take legal action in order to obtain compensation for my breaches of the Regulation.
I will respond appropriately within one month of receiving your request.