DRA Legal Ltd, DRA Legal
Privacy and Data Protection Policy – pursuant to General Data Protection Regulations (GDPR) (EU) 2016/679
DRA Legal Ltd (“the Company”) is a firm which trades under the auspices of the Institute of Professional Willwriters. The Company observes all relevant legislation, and complies with all professional obligations. We collect personal information from you in a number of different ways.
This document sets out our privacy policy and relates to information which you provide to, and vice versa, in communications of any type or form, including the use of our website or other form of information/data sharing vehicle. We consider your privacy to be extremely important to us. These are the fundamental principles that we follow in relation to your personal information:
• We don’t ask you for personal information unless we need it.
• We don’t share your personal information with anyone except to provide you with legal services upon instructions received from you, to comply with the law, or to protect your own or our own rights.
• We don’t store personal information unless required for the on-going provision of legal services to you, and such as is required for the archived storage of case information so as to comply with our own professional and insurance-related purposes, and so as to be able to respond to legal challenges which may arise some years after the completion of your own matter(s). In addition we will from time to time (unless you instruct us not to) contact you in writing or via email to provide you with information relating to your past cases, our firm, and also in respect of offers, products or promotions. Further, we may contact you to comply with any legal obligations law or to protect our rights.
• We will use personal information that you provide to us at the outset of any matter in accordance with this privacy policy. Certain of the personal information that you provide to us at the outset is collected in such a way that we may retrieve and destroy the same after the expiration of a fixed period and upon your express instructions to do so.
We are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. The policy is intended to address information you provide to us in writing and via email or by telephone, or via any access point or online data portal accesses via our website www.dralc.co.uk . By accessing our website you are accepting and consenting to the practices described in this policy.
Seen as supplemental to the Data Protection Act of 1998, the General Data Protection Regulation 2016 (GDPR), effective May 2018, is a significant piece of legislation that further protects that rights of individuals in the EU and which affects the way that we and all companies carry out information processing activities. Significant fines are applicable if a breach is deemed to have occurred under the GDPR, which is designed to protect the personal data of citizens of the European Union. It is our policy to ensure that our compliance with the GDPR and other relevant legislation is clear and demonstrable at all times.
For the purpose of the GDPR, the data controller is DRA Legal Ltd (Company Registration no: - 08430273) whose registered office is at 138 Huddersfield Road, Mirfield, West Yorkshire, WF14 8AN.
Our named officer for the purposes of the GDPR is Derek Adkins who can be reached via derekadkins@dralc.co.uk or by phone on 01924 601043.
INFORMATION WE COLLECT FROM YOU
• Information you give us. This is information about you that you give us when you meet any or the Company’s staff or, whether or not the person you liaise with is one of our qualified lawyers, communicated to us by phone, e-mail or otherwise. It includes information you provide when you share with us your personal and/or professional information.
• Information we receive from other sources. This is information we receive about you when we create our database. This information may be provided to us (for example) by any financial institution or lender, or professional and financial adviser who you have engaged with separately, and to whom you have provided our own details. We will also collect information about you as part of our legal obligations in respect of establishing satisfactory identification of yourself in light of our obligations related to Anti-Money Laundering and the Combating of Terrorism. Where you are a company or other organisation, or otherwise, the information may be freely and widely available to us from your own website(s) or via social media information which you have sent us or emailed to us or otherwise.
WHAT DO WE DO WITH YOUR PERSONAL DATA
We may use your information in the following ways:
• To contact you to respond to enquiries.
• To provide legal services according to your express instructions pursuant to our contract with you. This will necessarily involve the use of your data to perform Identity checks and checks related to anti-money laundering, and transactional steps will involve liaison with other lawyers and other professionals.
• To comply with legal and regulatory requirements (including responding to court orders, and to prevent crime). These special circumstances may require us to disclose personal information. Your data is required when assessing risk in Insurance matters and in any litigation matters.
• To contact you if your actions violate your agreement with us (if any).
• To market our services to you.
• To inform you of offers, promotions, product launches or other relevant information you may find of interest.
Unless you have notified us otherwise, DRA Conveyancing Ltd may occasionally send you emails or letters to tell you about the services we provide, or about promotions, or to seek feedback from you. If you no longer wish to receive such communications from us, please notify us using the contact details provided below, or via the ‘Contact us’ options at our website www.dralc.co.uk .
WHEN DO WE SHARE YOUR PERSONAL DATA
We want to reassure you that unless requested by you, whether expressly or impliedly (for example where we act for you in a matter where we must deal with your bank or mortgage lender), we do not share your personal data with any third parties. We will not, for example, discuss your case with any other professional or financial adviser (such as mortgage broker) unless we have received your express formal consent, in writing.
However, the nature of our contract with you means that we hold you express and implied consent to share your information as outlined above in order that we may perform the contract whilst meeting all legal and professional obligations. We judge that we hold your implied consent to liaise with relevant parties and bodies related to your transaction/case; this will include other solicitors, conveyancers, surveyors, experts, witnesses, search providers, insurance providers etc.
The interests of the Company would be adversely affected by our failure to perform all relevant checks and by any non-compliance. If you are unwilling or unable to provide personal information to us as requested and if you are unwilling to allow use of your information as outlined herein then we will not be able to continue acting for you.
WHEN AND WHERE YOUR PERSONAL DATA IS TRANSFERRED?
Be assured that your personal data is to the best of our knowledge never going to be transferred outside the EEA. Data Service providers and Banks and legal ‘case management’ may use ‘cloud’ storage resources within recognised industry guidelines & procedures and such use is outside of our control.
WHAT ARE YOUR RIGHTS?
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (as in this written policy) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by letting us know directly by reply to our e-mail to you or via our website www.dralc.co.ulk . You can also exercise the right at any time by contacting us at derekadkins@dralc.co.uk or by phone on 01924 601043.
Under the GDPR, you have the following rights. These consist of:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
Each of these rights are supported by appropriate procedures within the Company which allow the required action to be taken within the timescales stated in the GDPR.
You can also ask us to stop using your information – the simplest way to do this is to withdraw your consent, which you can do at any time, either by emailing, writing or telephoning us using the contact details set out in this policy document.
These timescales are:
The right to be informed when data is collected (if supplied by data subject) or within one month (if not supplied by data subject):- At the outset of each & every matter.
The right of access: - One month and subject to our wider legal obligations as outlined herein
The right to rectification: - One month
The right to erasure: - Without undue delay and subject to our wider legal obligations as outlined herein
The right to restrict processing: - Without undue delay and subject to our wider legal obligations as outlined herein
The right to data portability: - One month and subject to our wider legal obligations as outlined herein
The right to object: - On our receipt of your objection and subject to our wider legal obligations as outlined herein
Rights in relation to automated decision making and profiling: - Not specified; dependent upon circumstances.
HOW LONG DO WE KEEP YOUR DATA FOR?
Your data will only be kept for the time necessary for which it was collected. In legal matters we are obliged via our professional and legal and insurance obligations to retain data for a minimum of 6 years. In certain transactions, the data will be retained in paper and/or electronic form for a minimum of 15 years. In matters involving Wills, our file (and of course the Wills) will be retained indefinitely. Because of the potential for legal actions against the Company (or yourself) to be commenced up to a minimum of 6 years after the completion of a case, we will never destroy all case documentation/data until after the expiration of this period. By continuing to instruct us in any matter you are agreeing to our data & case storage procedures. If you do instruct us to remove you from our database, we will do so as soon as is reasonably practicable in light of our other obligations.
COOKIES
Our website does not use any cookies. Therefore we do not track you when you visit our website.
HOW DO WE PROTECT THE INFORMATION WE COLLECT
DRA Legal Ltd is very concerned about protecting the confidentiality of your personal information. We have security measures, including administrative, physical and electronic measures, to protect against the loss, exposure, misuse or alteration of information that we have collected from you in the use of the services. These measures include the use of industry standard secure website access and SSL data encryption for emails. We will not send to you or to anyone else any banking detail by means other than secure, encrypted email.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
• Information you give to us. We will use this information:-
• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information and services that you request from us;
• to introduce you to other products, offers or promotions or services same or similar to ours.
• Information we receive from other sources. We will combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you will not, to the best of our knowledge be transferred to, and stored at, a destination outside the European Economic Area (”EEA”).
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
CHANGES TO OUR PRIVACY POLICY
Any changes we make to our privacy policy in the future will be communicated to clients at the commencement of any matter, and/or may be posted on to our website www.dralc.co.uk or where appropriate, notified to you by e-mail.
CONTACT
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to derekadkins@dralc.co.uk or by phone on 01924 601043 or by writing to us at DRA Conveyancing Ltd, 138 Huddersfield Road, Mirfield, West Yorkshire WF14 8AN.
YOUR RIGHT TO COMPLAIN
If you have a complaint about our use of your information, you can contact the Information Commissioner’s Office via their website at www.ico.org/concerns or write to them at:
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
You may also avail yourself of our general complaints procedure, which is set out in full in our initial communications to yourselves as clients of DRA Legal Ltd.
138 Huddersfield Road, Mirfield WF14 8AN Tel: 01924 601043 Fax: 01924 918 987 Privacy Policy October 2023