• Criminal Law Specialists

  • 24 hour emergency line: +44 (0) 7969 487978

Privacy Policy

McSorley Lewis Law Ltd – Solicitors
41 Splott Road, Splott, Cardiff, South Glamorgan, CF24 2BU
+44(0)2920662560
law@mcsorleylewis.co.uk

Last updated 26/01/21

UK Data Privacy/Data Protection Law changed significantly on 25th May 2018. The EU General Data Protection Regulation (or GDPR for short) was a positive step towards you having more control over how your data is used and how you are contacted by us. At 11pm on 31st December 2020, EU GDPR will no longer apply to personal data held or processed within the UK. Instead, “UK GDPR” will apply to such data. The provisions of UK GDPR are essentially the same as EU GDPR and therefore the following rights continue to apply. We confirm that we do not normally hold or process your data outside the UK but if we do we will ensure there are sufficient “adequacy” arrangements or “safeguards” in place to protect your rights.

If you are an individual, the rights you have under the UK GDPR include the following:

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.

We have therefore updated our privacy notice to reflect these changes.

We use your personal data to help us provide an excellent client service, which includes tailoring the information we share with you to help ensure that it’s relevant, useful and timely.

We will respect your privacy and work hard to ensure we meet strict regulatory requirements.

We will not sell your personal data to third parties.

We will provide you with easy ways to manage and review your marketing choices if you receive direct marketing communications from us.

We are a firm that is authorised and regulated by the Solicitors Regulation Authority (SRA). As you might expect, we are already subject to strict rules of confidentiality. It is therefore already part of the fabric and culture of our firm to keep your information private and secure.

We would ask you to help us keep your data secure by carefully following any guidance and instructions we give e.g. communicating bank account details and transferring funds to us.

We are sometimes obliged to share your Personal Data with external authorities without notifying you e.g. as required by the Anti-Money Laundering & Counter Terrorist Financing Act 2017. In all other cases, we will be transparent, and we will explain to you why we are requesting your data and how we are using it.

Lawful Bases for Processing Your Data

The law states that we are allowed to use personal information only if we have a proper and lawful reason to do so. This includes sharing it with others outside the firm e.g. an auditor of a relevant quality standard.

The GDPR says we must have one or more of these reasons:

  • Contract: the processing is necessary for a contract we have with an individual, or because they have asked us to take specific steps before entering into a contract.
  • Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
  • Consent: the individual has given clear consent for us to process their personal data for a specific purpose.

A legitimate interest is when we have a business or commercial reason to use your information.

Here is a list of all the ways that we may use your personal data, and which of the reasons we rely on to do so.

Use of your Personal Data Our reason/justification for processing Legitimate Business Interest
Opening, progressing, closing, archiving and storing a matter/case file • Contract
• Legitimate Interest
• Legal Obligation
Fulfilling your instructions (the retainer)
Complying with regulations and the law
Direct marketing to you • Legitimate Interest Keeping our records up-to-date, working out which of our products and services may interest you and telling you about them
Providing information on changes in the law and inviting you to contact us for advice
• To make and manage client payments.
• To manage fees, charges and interest due to clients
• To collect and recover money that is owed to us.
• Contract
• Legitimate Interest
• Legal Obligation
Keeping accounts systems up-to-date
Complying with SRA Accounts Rules and other regulations
Effective and efficient management of a sustainable business
• To detect, investigate, report, and seek to prevent financial crime.
• To manage risk for us and our customers.
• To comply with laws and regulations that apply to us.
• To respond to complaints and seek to resolve them.
• Contract
• Legitimate Interest
• Legal Obligation
Developing and improving how we deal with financial crime including suspected money laundering as well as complying with our legal obligations in this respect.
Complying with regulations that apply to us.
Being efficient about how we fulfil our legal and contractual duties.
To run our business in an efficient and proper way. This includes managing our financial stability, business capability, planning, communications, corporate governance, and audit. • Legitimate Interest
• Legal Obligation
Complying with the SRA Accounts Rules and Code of Conduct and other regulations that apply to us.
Being effective and efficient about how we run our business.
To allow external consultants, advisers and auditors to inspect files.
To exercise our rights and comply with obligations set out in agreements or contracts. • Legitimate Interest
• Legal Obligation
Complying with contractual requirements e.g. for the provision to clients of Public Funding by Public Bodies.

Special Categories and Criminal Convictions Data

Further to our lawful bases for processing personal data we rely on further conditions contained within the Data Protection Act 2018 (as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.)(EU Exit) Regulations 2019 and 2020) for processing these types of data. These conditions are contained in Schedule 1, Part 3 of the Act. The primary condition we rely on is known as “legal claims” where;

This condition is met if the processing—

(a) is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings),

(b) is necessary for the purpose of obtaining legal advice, or

(c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights

We would normally also rely on another condition in Schedule 1, Part 3 of the Act known as “consent” where, due to the nature of these types of data we would obtain your consent prior to processing them.

If our reason for processing data is in connection with the Schedule 1, Part 2 of the Act, condition 18, safeguarding of individuals and children at risk. This is because the processing will be necessary for the purposes of;

(a) protecting an individual from neglect or physical, mental or emotional harm, or

(b) protecting the physical, mental or emotional well-being of an individual,

In this condition;

(a)       in the circumstances, consent to the processing cannot be given by the data subject;

(b)       in the circumstances, the we cannot reasonably be expected to obtain the consent of the data subject to the processing;

(c)       the processing must be carried out without the consent of the data subject because obtaining the consent of the data subject would prejudice the provision of the protection

Also, due to the nature of these data types, we comply with Schedule 1, Part 4 of the Data Protection Act which requires us to have an appropriate written policy explaining our security procedures, and data retention periods and we are required to retain this policy document and produce it to the Information Commissioner on request. Our policy is set out in the firm’s Information Management & Security Policy.

Types of Personal Data We Process

Type of Personal Information >Description
Financial Your bank account details and your financial status and information
Contact Information Where you live and how to contact you
Socio-Demographic This includes details about your work or profession, nationality etc.
Transactional Details about payments to and from your bank accounts
Contractual Details about the products or services we provide to you
Behavioural Details about how you use our services
Communications What we learn about you from letters, emails, and conversations between us
Social Relationships Your family, friends and other relationships
Open Data and Public Records Details about you that are in public records such as the Land Registry, and information about you that is openly available on the internet
Documentary Data Details about you that are stored in documents in different formats, or copies of them. This could include things like your passport, drivers licence, or birth certificate
Special types of data

The Law and other regulations treat some types of personal information as a special category. We will only collect and use these types of data if the law allows or requires us to do so:

  • Racial or ethnic origin
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic and bio-metric data
  • Health data including gender
  • Criminal convictions and offences
Consents Any permissions, consents or preferences that you give us. This includes things like how you want us to contact you.
National Identifier A number or code given to you by a government to identify who you are, such as a National Insurance Number
Legal Aid Application and Bill Information required to submit an application for public funding and to claim our fees under any legal aid certificate issued to you.

Sources of Data

We collect personal data from various sources:

Data Source Purpose
Data you give us when you instruct us to advise you or act for you You To enable us to decide whether to accept your instructions and to progress your matter
Data you give us by letter/phone/email and other documents You To enable us to decide whether to accept your instructions and to progress your matter
Data you give us when you visit our website, via a messaging service or social media You To enable us to deal with your query or request and to contact you if appropriate
Data you give us during interviews You To enable us to advise and represent you and to communicate with other solicitors and third parties on your behalf
Data you give us in client surveys You To enable us to improve our services and respond to any expressions of dissatisfaction
Data provided to us by referrers and introducers Referrers To enable us to contact you and to enable us to decide whether to accept your instructions and to progress your matter
Fraud Prevention agencies Agency To enable us to comply with the law and regulations and carry out client due diligence checks
Estate Agents Agents To enable us to act on your behalf in relation to a land transaction
Other Solicitors Solicitor Firms As part of an exchange of information to enable us to progress the matter and advise you
Public Bodies Public Body such as HMRC, HM Treasury, Local Authority, Land Registry, Land Charges Registry, Probate Registry, Legal Aid Agency, Police, CPS, Courts Service and other government departments To enable us to advise you and progress your matter.
To prevent fraud and money laundering.
Your GP or other medical professional Doctor To obtain appropriate medical reports
The Legal Aid Agency LAA Under our contractual obligations we will receive “Shared Data” from the LAA if your matter is legally aided

Who We Share Your Data With

Subject to the SRA Code of Conduct and the requirements with regard to client confidentiality, we may share your personal information with:

  • Lawyers or other organisations on the other side of a matter or case
  • Barristers or experts we instruct
  • The courts and other tribunals
  • Your Personal Representatives or Attorneys
  • Auditors
  • Lenders
  • Estate Agents, IFAs, Referrers, etc.
  • Organisations that we introduce you to
  • HM Revenue and Customs
  • The government both Central and Devolved
  • Fraud Prevention Agencies including the National Crime Agency
  • The SRA and other regulators
  • ID checking organisations

Automated Decision-Making

We do not use automated decision-making systems. All decisions relating to you and your matter are made by a person.

Personal Data We Use

We typically will use the following types of personal data:

  • Your Name
  • Date of Birth
  • Home address
  • Contact details such as phone numbers and email addresses
  • Bank details and account information
  • Medical information (where applicable)
  • Employment details
  • Data that identifies you by cookies when you use our website

Sending Data Outside the European Economic Area (EEA)

Unless you instruct us in a matter or case that involves an international element, we do not normally send your personal data outside the UK or EEA. If we do, then we will seek your consent to do so, explain the risks to you and talk to you about UK adequacy decisions and potential safeguards depending on the country involved.

Your Refusal to Provide Personal Data Requested

If you refuse to provide the information requested, then it may cause delay and we may be unable to continue to act for you or complete your matter.

Marketing Information

We may from time to time send you letters or emails about changes in the law and suggestions about actions that you might consider taking in the light of that information e.g. reviewing your will. We will send you this marketing information either because you have consented to receive it or because we have a “legitimate interest”.

You have the right to object and to ask us to stop sending you marketing information by contacting us at any time. You can of course change your mind and ask us to send the information again.

How Long We Keep Your Personal Information

We are legally obliged to keep certain information for at least 5 years and typically store your file for 6 years before destroying it.

In some cases, e.g. Legal Aid Matters we are obliged to keep your files for a longer period of time, this period will be set out in our closing letter to you.

We will store Wills and other documents indefinitely.

We will keep your name and personal contact details on our database until you tell us that you would like them removed e.g. where you have changed solicitor.

How to Get a Copy of Your Personal Information

If you wish to access your personal data then write to:

McSorley Lewis Law Ltd
Data Protection Supervisor/COLP: Mr Jon Lewis
41 Splott Road, Splott,
Cardiff, CF24 2BU

Telling Us If Your Personal Information is Incorrect

(The right to rectification)

If you think any information we have about you is incomplete or wrong, then you have the right to ask us to correct it. Please contact us as above.

Other Rights

As mentioned above you also have other rights, namely

  • The right to erasure
  • The right to restrict processing
  • The right to data portability

You have the right to ask us to delete (erase) or stop us using your data if there is no longer any need for us to keep it (e.g. under a legal obligation).

In terms of data portability then subject to any lien we may enjoy for non-payment of fees, we will comply promptly (where permitted) to your request to transfer your physical paper file to another solicitor upon receipt of your signed consent. If your file is in electronic format we will take reasonable steps to export the file to a “portable format” where possible so that your new solicitor can upload it to their system. As many different IT systems are used by the legal profession we cannot guarantee that we can provide data in a compatible format.

Consent

UK GDPR in some cases requires us to obtain your explicit consent i.e.

(a) the racial or ethnic origin of the data subject,

(b) their political opinions,

(c) their religious beliefs or other beliefs of a similar nature,

(d) whether they are a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

(e) their physical or mental health or condition,

(f) their sexual life,

(g) the commission or alleged commission by them of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or the sentence of any court in such proceedings.

Where acting for you involves us processing such data we will seek your explicit consent e.g. when we plan to obtain your medical records.

You have the right to withdraw your consent by contacting us as stated above.

However, if you do so then we may not be able to progress your case or indeed continue to act for you.

How to Complain

If you are unhappy about how we are using your Personal Data then you can complain to us using the contact information above.

You also have the right to complain to the Information Commissioner’s Office (ICO). Further details on how to raise a concern about our information rights practices with the ICO can be found on the ICO’s website: https://ico.org.uk/concerns

Cookies

Some areas of the McSorley Lewis website use cookies to aid the user experience (e.g. to save the user from re-entering personal details for every page in a section of the site). Cookies are also used to compile general (not personal) site usage statistics. Cookies are not used to capture or store personal information for any other purpose.

We maintain continuous logs of our web server activity. These log files include the details of website users’ IP address, browser type and page last visited etc. The log files are used to analyse how the website is being used by visitors and may be kept in an anonymised form for historical records.

The McSorley Lewis website uses hosted web analytics software. These are hosted services provided and managed by third party companies. Our main supplier of hosted web analytics is Google LLC. The service ‘Google Analytics’ uses ‘cookies’ (a text file sent to user’s computers as they browse our websites) to help analyse how users navigate our website. The information generated by the cookie regarding our website (including IP addresses) will be transmitted to and stored by Google. Google will use this information for the purpose of evaluating use of our website, compiling reports on website activity for website operators and providing other related services to us.

Google LLC may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google LLC. Google LLC will not associate your IP address with any other data held by Google LLC. You may decline the use of cookies by configuring your web browser to do so. By using this website, you consent to the processing of data about you by Google LLC in the manner and for the purposes set out above.

How to remove Cookies from your browser?

If you would like to investigate how to remove cookies from your browser, here’s how to do it:

1. Browser Cookie settings in Chrome

2. Browser Cookie settings in Internet Explorer

3. Browser Cookie settings in Firefox

4. Browser Cookie settings in Safari Mac (OS Lion)Safari Mac (OS Yosemite) and in Safari Mac (OS Sierra).

5. Browser Cookie settings in Safari PC:-

Step 1. Confirm that you’re running version 5 or later of Apple’s Safari browser, and then click the Gears menu in the upper-right corner of the Safari window. From there, select Reset Safari. In this window, check the bottom box, ‘Remove all website data’.

Step 2. Check the bottom box, labeled Remove all website data. You can uncheck everything else if you want to remove only cookies.

Step 3. Click the Reset button to eliminate all cookies associated with Safari.

More information about ‘Browser Cookies’ can be found on the Wikipedia entry.


Use of Cookies

Cookie: Cookie Notice

Name: moove_gdpr_popup
Name: cookie_notice_accepted

Purpose: This cookie is used to remember a user’s choice about cookies on mcsorleylewis.co.uk. Where users have previously indicated a preference, that user’s preference will be stored in this cookie.


Cookie: Google Analytics

Name: _ga
Name: _gat
Name: _gid

Purpose: These cookies are used to collect information about how visitors use our website. We may use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited.


Cookie: Security & Anti-Spam

Name: cerber_groove
Name: cerber_groove_x_28cweFj9AqsLIRu0Jgfp3DryP7tVvZk

Purpose: Security plugin to block out bots, spam and other malicious attacks.


Cookie: WordPress

Name: wp-settings-1
Name: wp-settings-time-1

Purpose: Back-end plugin used to customise your view of admin interface, and possibly also the main site interface.

Updating this Notice

We will, from time to time, update this Privacy Notice to reflect emerging ICO guidance, requirements of the amended Data Protection Act 2018 and any other relevant changes in the law or regulations, adequacy decisions e.g. following BREXIT. We will also seek to learn from any published cases of Data Protection breaches.

Contact

If you have any questions or queries about any items listed in our privacy policy please email: law@mcsorleylewis.co.uk. We’ll get to your email as soon as possible but please allow 14 working days for us to investigate (if applicable) and feedback.