We value the personal data that individuals, clients and organisations choose to share with us, and we take their privacy very seriously.
This privacy notice sets out the categories of personal data we may ask you to supply, why we need that data, how we will use it and how long we will retain it.
We are a data controller for the purpose of all personal data we process and our Data Protection Compliance Manager is Atef Elmarakby.
We undertake to draw this privacy notice to the attention of all relevant parties, and should you engage our services we will take it to mean that you are satisfied with its contents.
Should you have any concerns or wish to discuss the contents of this notice further, please contact our Data Protection Compliance Manager at email@example.com.
We may update this notice from time to time and we recommend you refer to it regularly on our website.
Who We Are
Good Law Firm Ltd is a company registered in England and Wales (registered number 12345756). Its registered office is Office 1.03, Vauxhall Sky Gardens, 153 Wandsworth Road, London, SW8 2GB and it is authorised and regulated by the Solicitors Regulated Authority (the “SRA”) under SRA Number 668139.
We are also registered with the Information Commissioner’s Office (the “ICO”) in the UK under registration number ZA806412.
Good Law Firm Ltd collects, uses and is responsible for processing certain personal information about you. When we do so, we are regulated under the General Data Protection Regulations (GDPR) and the Data Protection Act 2018, and we are responsible as a “controller” of that personal information for the purposes of those laws.
What Personal Data Might We Need?
We will only collect the personal data necessary to facilitate our interaction with you, such as information that is necessary for the performance of a contract between you and us and information without which we would not be able to provide you with the requested services.
Categories of personal data we may collect from you include:
- Your identification details (e.g. your title, name, date of birth, gender, passport and/or ID number, contact details and email address);
- Your bank and payment details; and/or
- Information about your finances; and/or
- Information to assist us with providing a service to you or to enable you to attend a seminar, webinar or other event hosted by us.
Categories of personal data obtained by us:
- Publicly available information about you and/or your business (including through electronic sources) e.g. your HMRC details, your national insurance number, tax returns and tax-related information.
- Details of your spouse / partner and dependents or other family members.
- Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances.
- Details of your pension arrangements.
- CCTV footage of you attending our offices.
- Technical information when you visit our website, such as data from cookies and other similar technologies.
- Any personal information or data provided to us by you.
- Other personal data contained in correspondence and documents we receive in relation to a matter which you may be a party or otherwise concerned.
We may collect your personal data directly from you. However, on some occasions, we may also collect your personal data from other sources or third parties, including the following:
- Publicly accessible sources such as Companies House and the Land Registry.
- Third party service providers such as credit reference agencies.
- Your bank, building society or other financial institution or advisor.
- Your employer, professional body or pension administrator.
- Consultants and other professional engaged in relation to your matter.
- An executor or a trustee providing details of beneficiaries.
We do not seek to obtain personal data that falls outside the scope of this privacy notice and we kindly request that individuals do not furnish us with any unnecessary personal data. In accordance with data protection legislation we may destroy personal data supplied to us where we do not believe we have a sufficient legal basis to retain it.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Why Do We Need Your Personal Data?
We process your personal data on the following bases:
- Processing is necessary for the performance of a contract we have with you, such as us providing you with legal or other services; and/or
- Processing is required of us by law, for example, to provide you with legal services we may need your identification details to perform an anti-money laundering check; and/or
- Processing is undertaken for a legitimate interest pursued by us. For example, our commercial interest where we have provided you with some of our services we may contact you regarding other promotions or updates we believe might be beneficial to you; and/or
- Processing is undertaken on the basis you have consented to it. For example, if you have signed up to our legal updates newsletter.
How Will We Use Your Personal Data?
We may use your data in the following ways but only ever for the purpose for which it was collected:
- For recruitment purposes;
- To provide the legal services detailed on our website;
- To provide you with legal advice;
- To contact you about our services, promotions or updates;
- For invoicing purposes; and/or
- To comply with our legal obligations e.g. carrying out ID verification checks and AML/bankruptcy and credit searches.
- To run conflict checks.
- Any other use of your personal data that is necessary for us to comply with our legal and regulatory obligations.
The legal basis upon which we rely to use your personal data is as follows:
- To fulfil our own legitimate interests or those of the specialist credit reference agencies – that is both for credit control and for ID verification purposes.
- To comply with our own legal and regulatory obligations.
- For our performance of the contract for the provision of legal services to you.
- To fulfil our own legitimate interest and/or yours – that is to detect and prevent any criminal activity that could our reputation and/or yours.
- For our performance of the professional indemnity insurance contract with our insurer.
We are accountable for all the information you give us and we will tell you why we need the information when we ask for it. We will never sell your information and we will endeavour to keep your information as safe as possible – we take data security seriously.
We may also share your personal information with other entities connected with Good Law Firm Ltd which are based within the United Kingdom.
Third Party Processors
From time to time, only where necessary to facilitate our relationship with you, we may transfer your personal data to our third-party data processors. Processors have obligations under the data protection legislation with regards to your data as well as obligations in accordance with their contractual relationship with us.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
These third-party data processors include:
- Our professional advisers and auditors;
- Our IT service providers;
- Credit reference agencies;
- Professional advisers who we instruct on your behalf or refer you to;
- Other stakeholder involved in your matter, including the other party and their advisers;
- Government authorities and law enforcement officials, where necessary;
- Our professional indemnity insurance insurers, brokers or other relevant third parties, where necessary;
- Our bank;
- Potential buyers or acquirers, either in whole or part, of our firm;
- Successors in the interest of our firm, in the unlikely event of administration, liquidation or bankruptcy;
- Third parties involved in hosting or organising events or seminars where you have informed us you wish to attend.
We will never transfer your personal data outside the European Economic Area (“EEA”) without your consent.
Where we have already provided you with our services in some way we may contact you with regards to other services, promotions or events that we believe you may be interested in. If you do not wish to hear from us, please let us know by contacting us on firstname.lastname@example.org or by clicking on the “unsubscribe” link at the end of any of our marketing e-mail communications.
Once we have received notification that you have withdrawn your consent, we will no longer contact you for marketing purposes and, subject to our retention policy, we will dispose of your personal data securely.
If you have given us your consent to contact you by email or other means for marketing purposes we will only use the personal data provided for this purpose and your details will not be passed to any third parties. You have the right to withdraw your consent for processing at any time and should you wish to do so, please contact the Data Protection Compliance Manager or follow the unsubscribe option in the email you receive.
We may use your personal data to market out firm, our people and the services we can provide to you, whether you are a previous or existing client of ours. We may also share your personal data with other companies in our group of companies, namely:
- Good Advice UK
- Good Accounts UK
- Good Translation UK
- Good Computers UK
- Good Nest UK
- Good Entrepreneur UK
- Good Consultants UK
- Good Recruit UK
These companies may also share personal data with us.
Before we publish any client testimonials, as part of our marketing strategy, we will provide you with sufficient notice and information to request your consent, including your right to withdraw that consent at any time.
Retaining Your Personal Data
We have legal obligations as a company, an employer and a provider of legal services to retain records containing personal data, even after the main purpose of a relationship has ended, for example where we acted for you regarding the sale of your house and that sale has now completed.
In accordance with our obligations, legal documents will be retained for seven (7) years, after which archived files are destroyed. Nevertheless, for all personal data, once our obligation to retain the data ceases, we will cease processing and destroy it.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting our Data Protection Compliance Manager.
We maintain appropriate security measures to prevent the misuse, loss or disclosure of your personal data.
This notice is relevant whether your personal data was obtained directly from you or where your information was provided to us by a third party. Where you have been referred to us, for example by an estate agent, we will assume you are aware of who provided us with your information as it is standard procedure for them to inform you. If this is not the case, please let us know at your earliest convenience.
You have the right to access the personal data we hold for you and the right to request that your personal data be rectified, erased or transported to another data controller. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
You also have the right to be forgotten – this is also known as the right to request erasure of your personal data. This right enables you to request that we delete or remove any personal data provided this is permitted by the applicable data protection laws.
You have the right to object to the processing of your personal data when we rely on legitimate interest pursued by us or a third party or when we are processing your personal data for marketing purposes. In some of those circumstances however, and after conducting our own legitimate interest assessment, we may be able to show that there are compelling legitimate grounds to process your personal data that override your rights and freedoms.
Furthermore, you have the right to request the restriction of processing of your personal data. This right enables you to restrict or suspend the processing of your personal data in certain circumstances.
Lastly, you have the right to request the data portability of the personal data we hold about you. This right enables you to request the personal data we hold about you to be sent to you or a third party of your choice in a structured, commonly used, machine-readable format.
Should you wish to exercise any of these rights, please contact the Data Protection Compliance Manager. Alternatively, we may refuse to comply with your request in some circumstances.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
How to Complain
We hope that our Data Protection Compliance Manager can resolve any query or concern you raise about our use of your information.
The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at:
- Website: https://ico.org.uk/make-a-complaint/
- Telephone: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House. Water Lane, Wilmslow, Cheshire, SK9 5AF.
When someone visits our website, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to different parts of the site and for system administration purposes. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities or personal information of those visiting this website without making that clear.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow some control of cookies through the browser settings.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org.
Please see our Cookies Policy for further information.
This data is used to optimise our website for our visitors, however we will on occasions, use this data for marketing purposes, i.e. this data could be used to tell potential advertisers how many visitors we get to the website, where our visitors come from, what landing page they arrive on etc.
This data does include any personalised identification information such as; names, telephone numbers, email addresses, mailing addresses, social security numbers, bank account numbers, credit card information.
We then use the information to compile reports and to help us improve the site and target our marketing. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page. Google Analytics collects information anonymously and reports website trends without identifying individual visitors.
For more information on opting out of being tracked by Google Analytics across websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.
Facebook & Instagram