“I would like you to know how indebted I feel to you and your colleagues. The thoroughness and professionalism you showed over this period together with the humanity with which you engaged with me made an important contribution to my ability to cope. Thank you so much.”


Mr SD
Read more testimonials

Transparency Notice

SANSBURY DOUGLAS
GDPR PRIVACY POLICY & TRANSPARENCY NOTICE
This transparency notice sets out what personal data Sansbury Douglas Solicitors hold about you, how we collect it and how we will use your personal information that you provide to us when you use our website, talk to us in person or on the telephone and send documents to us. This covers the period during and after your relationship with us. It is important that you read this Notice, together with our Terms of Engagement that we will provide on occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.

1. About this Notice
The General Data Protection Regulation (GDPR) provides better protection for personal data and enhances the rights of individuals. Sansbury Douglas Solicitors provides legal services and in order for us to be able to help you, we ask for personal data, which we then store, use and process. We recognise the importance of treating personal information with respect and care, as well as our legal and statutory obligations. We are committed to protecting your privacy and will only use personal information as set out in this Transparency Notice.

2. Who does this notice apply to
This notice applies to prospective, existing and former Clients of Sansbury Douglas, employees, individual and business contacts and prospects; referrers; individuals who request information from us; any person who provides services to us, either as an individual or as the employee or representative of a corporate service provider; third parties acting for our Clients; parties on the other side of our Client matters and lawyers acting for such parties.

3. Who we are
Sansbury Douglas are a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information about you, and explaining it clearly to you.

4. What Type/classes of information do we process/hold
Your ‘personal data’ is information about you from which you can be identified such as your name, address and phone number.

This information may include:

  • Personal details
  • Family details
  • Lifestyle and social circumstances
  • Financial details
  • Education and employment details

Some of your information is sensitive. The GDPR refers to this information as ‘special categories’ of data. We need to collect this only to the extent required for the specific matter you enquire about or instruct us to represent you on.

The processing of sensitive classes of information may include:

  • physical or mental health details
  • racial or ethnic origin
  • political opinions
  • religious or other beliefs
  • Trade union memberships
  • sex life and sexual orientation
  • Genetic data
  • criminal proceedings, outcomes and sentences

5. Lawful basis
We will only use your personal information when the law allows us to. Most commonly, we will rely on the following as the lawful bases on which we collect and use your personal information:

  • If you are a client, processing is necessary for the performance of a contract for legal services or in order to take steps at your request prior to entering into a contract.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Where we rely on legitimate interests for our processing, we will advise you of the relevant interest.
  • Where we need to comply with a legal obligation to which we are subject (including carrying out anti-money laundering or due diligence checks).

We may also use your personal information in the following situations, which are likely to be rare:

  • Where we need to protect your vital interests (or someone else’s interests).
  • Where it is needed in the public interest.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

In relation to categories which are considered to be particularly sensitive information and include information about criminal convictions or proceedings, we are entitled by law to process the information where the processing is necessary for legal proceedings, legal advice, or otherwise for establishing, exercising or defending legal rights.

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. Sources of information:
The personal information we obtain may include information which has been obtained from:

  • other legal professionals
  • experts and other witnesses
  • prosecution authorities
  • courts and tribunals
  • lay clients
  • family and associates of the person whose personal information we are processing
  • business associates, professional advisers and trade bodies
  • data processors, IT support staff, email providers, data storage providers

7. How will we use the information about you?
We may use your personal information for the following purposes:

  • to provide legal services, including the provision of legal advice and representation in courts,
  • to keep accounting records and carry out office administration
  • to take or defend legal or regulatory proceedings or to exercise a lien
  • to respond to potential complaints or make complaints
  • to check for potential conflicts of interest in relation to future potential cases
  • to carry out anti-money laundering and due diligence checks
  • to train other solicitors and when providing work-shadowing opportunities
  • as required or permitted by law.

If you decide to be represented by us your data will be subject to the terms set out in the Terms of Engagement Letter. If you do not become a client of Sansbury Douglas will retain your data under the provisions of the General Data Protection Regulations (GDPR).

We use information collected from the website to personalise your repeat visits to our website by the use of cookies.

8. Data sharing
If you are a client, some of the information you provide will be protected by legal professional privilege unless and until the information becomes public in the course of any proceedings or otherwise. As solicitors we have an obligation to keep your information confidential, except where it otherwise becomes public or is disclosed as part of the case or proceedings.

In order to deal with your enquiry, provide you with legal services and comply with your instructions relating to your case, we may also need to share your personal data with other parties for the purposes set out in our Terms of Engagement Letter. These parties include other professionals such as Barristers, Judges, court staff, experts, accountants, translation agencies and with other third parties helping us provide legal services to you. All of those parties are also subject to the provisions of the GDPR.

We may also share your information if we refer you to a third party adviser for specialist advice or if we are prevented from acting for you due to a conflict.

If you are a Client, we share your personal information with other data controllers where required by law, such as to comply with our Anti-Money Laundering procedures, or to meet our regulatory requirements or as required by our insurers. Personal information is also shared with the Solicitor’s Regulation Authority (SRA), HMRC or other government or law enforcement agencies; other auditors for the purposes of auditing our compliance with our legal obligations and the SRA rules and our insurance provider and professional indemnity insurance broker. We may also be required to pass your personal data to authorities such as the Legal Aid Agency and HM Courts and Tribunal Service.

Sansbury Douglas use third party contractors to maintain our computer systems and our website and they may have access your personal data. Similarly third-party service providers are used to carry out confidential waste disposal. All third party contractors to Sansbury Douglas who may view and process data have provided confirmation of their compliance with GDPR regulations and the safeguarding of any personal data held on our computer systems or website and on any computer system required to be used by the third party.

Where we share information with other data controllers, they are responsible to you for their use of your information and compliance with the law.

9. Transfer of your information outside the European Economic Area (EEA)
If you reside outside the EEA or your case involves persons or organisations outside the EEA then it may be necessary to transfer some of your data to that country outside of the EEA for that purpose. If you are in a country outside the EEA or if the instructions you provide come from outside the EEA then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information please indicate this when providing initial instructions.

If your information has to be transferred outside the EEA, then it may not have the same protections and you may not have the same rights as you would within the EEA.

10. How long we retain the information about you?
As a legal firm based in England and Wales we are required to retain all client data for a minimum of six years after which time under the terms set out in the GDPR you can request its removal. Personal data held from a website or telephone enquiry where the individual providing the personal data does not become a client of Sansbury Douglas can request deletion of their personal data at any time.

11. Data security
We have put in place robust technical measures to protect the security of your information. Details of these measures are available upon request.

Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and where they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

12. Your rights in connection with personal information
Under GDPR you have a number of enhanced rights that you can exercise in certain circumstances.
In summary, you may have the right to:

  • Ask for access to your personal information;
  • Ask for your personal information to be erased, in certain circumstances;
  • Ask for correction of mistakes in your data or to complete missing information we hold on you
  • Receive a copy of the personal information you have provided to us or have this information sent  to a third party. This will be provided to you or the third party in a structured, commonly used and machine readable format, e.g. a Word file;
  • Object at any time to processing of your personal information for direct marketing
  • Restrict our processing of your personal information in certain circumstances;
  • Object in certain other situations to the continued processing of your personal information;
  • Request not to be the subject to automated decision-making which produces legal effects that concern you or affects you in a significant way.

Further information about these rights can be found on the Information Commissioners Website www.ico.org.uk/for-the-public/.

If you would like to exercise any of these rights, please:

  • email, call or write to Katie Jenkins at Sansbury Douglas Solicitors
  • let us have enough information to identify you
  • let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • let us know the information to which your request relates, including any account or reference numbers, if you have them.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

Please, note that for data held by solicitors there are exceptions to some of these rights. We will, of course, respond to any subject access requests in a timely fashion.

13. Changes to this privacy notice:
This privacy notice was published in May 2018 and will be reviewed again in 12 months’ time.

We continually review our privacy practices and may change this policy from time to time. When we do it will be placed on the website.

14. Contact Details
Please address any questions, comments and requests regarding Sansbury Douglas’ data privacy to Katie Jenkins at kjenkins@sansburydouglas.co.uk. You can also direct complaints about Sansbury Douglas regarding your personal data to Katie Jenkins and/or to the Information Commissioner’s Office on telephone number 0303 123 1113 or at https://ico.org.uk/concerns/.

    Contact us

    *required fields

    Email*