Who we are
This is the privacy statement of Grey & Co Solicitors Limited. Grey & Co Solicitors Ltd will be a "controller" of the personal information that you provide to us when you instruct us to act on your behalf unless otherwise stated in this privacy statement.
This privacy statement explains how we collect and use personal information about you.
What personal information we collect:
- Contact details (including home and business addresses, email, telephone number)
- Date of birth
- Photographic ID
- Family details
- Employment details (including current and previous employers)
- Income details from all sources
- Bank details and Utility bills
- Tax information including NI numbers and tax reference numbers
- Passport/driving license details
- Other relevant information that may be required to fulfil our services to you
This is not an exhaustive list and depends upon each individual case.
Where we collect personal information from
Information will generally be gathered directly from you by way of e-mail, telephone conversations, letters and meetings but may also be provided to us by employers, accountants, HMRC and other relevant third parties who hold personal data on you that is required to complete our legal services to you. If we acquire personal data about you from other sources we will normally seek your approval or comment on it before acting on it. If your personal data changes you should let us know.
Lawful basis for holding and processing information
The basis for using your data will be to fulfil our services/contractual duties to you together with necessity to comply with legitimate interests and legal obligations and regulations. We currently do not do any form of direct marketing and as such do not rely on consent as the basis for holding your data. Should we ever wish to use your data for these purposes we would only do this if express consent is first sought and given.
How we use your personal information
The purposes for which personal information is processed may include any or all of the following (the list is non-exhaustive)
- Deliver services and meet legal responsibilities
- Verify identity where this is required
- Communication by post, e-mail or telephone
- Understand needs and how they may be met
- Maintain records
- Process financial transactions
- Prevent and detect crime, fraud or corruption
Who we share your personal information with
Confidentiality is very important to us. We will not, therefore, share any of your personal information with anyone unless:
- We need to do so to carry out the transaction/work that we have agreed to do for you
- We are obliged to do so in order to comply with legal obligations
- We need to do so to protect your vital interests
- We need to do so in order to carry out a task in exercise of official authority given to us by Court, Parliament or Government body.
- It is within our legitimate interests to share your data and does not conflict with your fundamental rights or freedoms
- With your consent
Some of the processing activities we do may on occasion require us to share information with third parties. It would only ever be used for those processing purposes by the third party, and not be passed on for any other purposes. Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party. They will also have to comply in full with the GDPR.
The following is a list of the main third parties with whom we may have to share personal information:
- Oversight regulators and statutory bodies (e.g. English and Scottish Courts and Tribunals Services, HMRC, The Law Society of Scotland, The Law Society of England and Wales, Scottish Legal Aid Board, The Books of Council and Session, The Home Office)
Software providers which allow us to operate efficient digital processes, including:
- Our external IT support providers: sfG Software Limited
For practical reasons, this is an indicative but not exhaustive list. Please also note that the list can be updated from time to time.
Our policy is to encrypt any sensitive data that is sent by e-mail.
How long we retain your personal information for you
We will gather your personal data manually and electronically and it will be stored in elecgtronic and hard copy formats while we are working for you and for a period after work has ended.
We are required by our regulators, insurers and to meet legal requirements to retain most data for a period of up to 10 years. This will apply to all electronic and hard copy data for existing clients. After a client no longer uses our services we will remove all electronic data from our systems within 6 months of them leaving. Hard copies will be retained in secure onsite storage until the 10 year requirement has been met. After 10 years all hard copy data is destroyed securely for all existing and previous clients.
We do not hold any personal information outside the EEA.
Using our website
We will only store or gather personal information from any users of our website should they use the e-mail functionality contained therein. This will generate an e-mail which is received by our Microsoft Office 365 inbox and stored on the secure hosted Microsoft Cloud.
Access to your information
You have the right to request a copy of the personal information about you that we hold.
Correcting your information
We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.
Deletion of your information
You have the right to ask us to delete personal information about you where:
- You consider that we no longer require the information for the purposes for which it was obtained.
- We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below.
- You have validly objected to our use of your personal information – see Objecting to how we use your information below.
- Or use of your personal information is contrary to law or our other legal obligations.
Objecting to how we may use your information – You have the right at any time to require us to stop using your personal information for direct marketing purposes should we ever seek consent to have used it for those purposes. In addition, where we use your personal information to perform tasks carried out in the public interest then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
Restricting how we may use your information – In some cases, you may ask us to restrict how we use your personal information. This right may apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don’t want us to delete the data. Where this right is validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
Automated processing – If we use your information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
Withdrawing consent to using your information – Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out below:
In writing: Andrew Neil Grey, 1st Floor, 46 Church Street, Inverness, IV1 1EH.
By Telephone: 01463 239011
Changes to our privacy statement
We keep this privacy statement under regular review. Paper copies of the privacy statement may also be obtained from our registered office – 1st Floor, 46 Church Street, Inverness, IV1 1EH.
This privacy statement was last updated on 4th May 2018.
We seek to resolve directly all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office, whose contact details are as follows:
Information Commissioner’s Office
Telephone 0303 123 1113 (local rate) or 01625 545 745