Here at Anthony Philip James & Co Limited, we understand that protecting your personal information is very important.
This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.
This notice does not apply to any websites that may have a link to ours.
1. Who we are:
Data is collected, processed and stored by Anthony Philip James & Co Limited (“APJ Solicitors”), and we are what is known as the “data controller” of the personal information you provide to us. We handle and store your personal information in line with the law, including the General Data Protection Regulation and the Data Protection Act 2018.
APJ Solicitors is a limited company, authorised and regulated by the Solicitors Regulation Authority under number 629443.
Our Data Protection Officer is Andrea Murray who can be contacted by email at email@example.com
Alternatively, you can write to our Data Protection Officer, APJ Solicitors, 7700 Daresbury Park, Daresbury, Warrington, WA4 4BS.
Our website and services are not aimed specifically at children, this is because in legal work children are usually represented by their parent or guardians. If you are a child and require further advice or explanation about how we would use your data, please email firstname.lastname@example.org
What we need:
The exact information that we will request from you shall depend on what you have asked us to do or what we are contracted to do for you.
There are two types of personal data (personal information) that you may provide to us.
Personal Data: This is the general information that you supply about yourself – such as your name, address, date of birth, contact details, financial information etc.
Sensitive Personal Data: This is by its nature, more sensitive information and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and general data.
In the majority of cases personal data shall be restricted to basic information and information needed to complete ID checks. However, some of the work we do may require us to ask for more sensitive information.
Sources of Information:
Information about you may be obtained from a number of sources including:-
• You may volunteer the information about yourself
• You may provide information relating to someone else (if you have the authority to do so)
• Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these organisations can be:
o Banks or building societies
o Panel providers who allocate legal work to law firms
o Organisations that have referred work to us
o Financial institutions who provide your personal records / information
Why we need it:
The primary reason for asking you to provide us with your personal data is to allow us to carry out your requests, which will ordinarily be to represent you and carry out your legal work.
The following are some examples, although not exhaustive, of what we may use your information for:-
• Verifying your identity
• Verifying source of funds
• Communicating with you
• To establish funding of your matter or transaction
• Obtaining insurance policies on your behalf
• Processing your legal transaction, including providing you with advice, carrying out litigation on your behalf, attending hearings on your behalf, preparing documents or to complete transactions.
• Keeping financial records of your transactions and the transactions we make on your behalf
• Seeking advice from third parties; such as legal and non-legal experts
• Responding to any complaint or allegation of negligence against us.
Who has access to it?
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. Generally we only use your information within APJ Solicitors.
However, there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties for example:-
• HM Revenue & Customs;
• HM Land Registry;
• Court or Tribunal;
• Solicitors acting on the other side;
• Asking an independent barrister or Counsel for advice or to represent you;
• Non legal experts to obtain advice or assistance;
• Translation Agencies;
• Contracted suppliers;
• Outsourcing companies;
• External auditors or our Regulator, i.e. Lexcel, SRA, ICO etc;
• Payment Service companies that process transactions for us (e.g. Direct Debits and card transactions, automated payment service);
• Bank or Building Society; or other financial institutions;
• The Financial Ombudsman Service, Financial Services Compensation Scheme, Pension Ombudsman Service;
• Communication providers (e.g. telephone line providers, and email and text/live chat service providers);
• Prospective third party funders;
• Insurance Companies, i.e. for acquiring After the Event Insurance;
• PR & Marketing agencies who help to promote our products and services and manage our brands;
• Advertisers and social media companies such as Facebook, Google and Twitter for our social media accounts or where we can contact you using your social media account;
• Third parties who may have introduced you to our services who may require updates;
• Other Third Parties: Where we have your consent to do so, or where we are required to do so under a legal or regulatory obligation, such as the prevention of financial crime or terrorism;
• We might share some of your information with the emergency services if we think you or others are at risk.
In addition to the above, to enable us to provide our services to you, the following third parties provide critical functions to our business and will process your personal information as directed by us and in accordance with strict data security arrangements:
In the event any of your information is shared with the above third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
Sharing your data outside of the EEA:
For convenience or as a matter of necessity, where we share personal data for the reasons outlined in this policy, we may transfer it to countries or territories outside the of the European Economic Area (EEA). We may also do so if we decide to use a third party to process personal data for us who is located outside or conducts processing outside the EEA. We make these transfers when we deem it appropriate for the administration of our business, to provide or obtain services from third parties.
Where we transfer data outside of the EEA, we will use a method specified in the GDPR which provides an adequate level of protection for the rights and freedoms of affected persons.
Data Privacy and security:
We take the protection of personal information very seriously and we will deploy appropriate measures to maintain the confidentiality, integrity and availability of the information you have provided.
Such measures include:
• Company security policies and standards.
• Staff security awareness.
• Role based and biometric access controls to prevent unauthorised access to the information.
• Encryption and anonymisation technology.
• Anti-malware technologies.
• Security monitoring.
• Security testing.
• Secure archiving and deletion.
• Compliance with industry regulation and legislation.
We maintain a comprehensive data management work programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold personal data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.
We also maintain an active information security work programme which seeks to protect the availability, confidentiality and integrity of all physical and information assets. Specifically, this helps us to:
• Protect against potential breaches of confidentiality.
• Ensure all IT facilities are protected against damage, loss or misuse.
• Secure archiving and deletion.
• Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and
• Compliance with industry regulation and legislation.
• Ensure the optimum security of this website.
Under the terms of data protection legislation, you have the following rights
Right to Be Informed
This privacy notice, together with our Cookies Policy, fulfils our obligation to tell you about the ways in which we use your information as a result of you using this website.
Right to Access
You have the right to ask us for a copy of any personal data that we hold about you. This is known as a “Subject Access Request”. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost. We will send you a copy of the information within 30 days of your request.
To make Subject Access Request, please write to our Data Protection Officer, APJ Solicitors, 7700 Daresbury Park, Daresbury, Warrington, WA4 4BS or email email@example.com
Right to Rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete.
If any of the information that we hold about you is inaccurate, you can either:
• Contact us on 0800 028 9791 or email: firstname.lastname@example.org
• Contact our Data Protection Officer, APJ Solicitors, 7700 Daresbury Park, Daresbury, Warrington, WA4 4BS
Right to Erasure / Right to Be Forgotten
You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following circumstances:
• Where the personal data is no longer necessary in regard to the purpose for which it was originally collected
• Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
• Where you object to the processing and there is no overriding legitimate interest for continuing the processing
• The personal data was unlawfully processed
• Where you object to the processing for direct marketing purposes
Right to Object
You have the right to object to the continued use of your data for any purpose listed above for which consent is identified as the lawful basis for processing i.e. you have the right to withdraw your consent at any time. The continued use of your data for any purpose listed above for which the lawful basis of processing is that it has been deemed legitimate.
Right to Restrict Processing
You have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances.
• When you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data
• Where you object to processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
• Where processing is unlawful and you request restriction
• If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim.
If you wish us to restrict the use of your data please contact our Data Protection Officer at email@example.com
Right to Data Portability
In some cases you may be able to request for your information to be provided to you or to another company in a format that can be processed electronically by you or the other company. If you want to request this you will need to contact us.
Rights Related To Automated Decision-Making
If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact our Data Protection Officer at firstname.lastname@example.org
There may be occasions where we are unable to delete the data due to our legal or regulatory obligations. We will however discuss this with you if you request for your information to be deleted.
How long do we keep your personal information for?
We will typically retain information for a period of seven years. This is due to regulatory reasons and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and non-clients.
How we collect personal data:
The following are examples, although not exhaustive, of how we collect your personal information:-
• Sign up to receive one of our newsletters;
• Submitting an online enquiry
• Following / liking / subscribing to our social media channels
• Completing a questionnaire on our website
• Ask us a question or submit any queries or concerns you have via email or on social media cannels
• Post information to our website or social media channels, for example when we offer the option for you to comment on, or join, discussions
• When you leave a review about us on Trustpilot.com
We collect your personal data, you will be provided the opportunity to opt in to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to this will have no effect on accessing our legal services.
As APJ Solicitors handle enquiries at different stages, we group these enquiries in two distinct ways. We will take the following steps in each instance:
Prospects: Consent will need to be recorded before being added to marketing campaigns.
Retainer Clients: Legitimate interest will be the legal basis. Relevant marketing communication by email will be sent during the case and once the case has been closed. Clients have the option to exclude themselves from marketing by clicking the unsubscribe link on all of our emails, on the telephone when speaking with an advisor or contacting APJ Solicitors by email or on social media.
Any contacts who have not engaged by opening an email over a period of 6 months will be removed from marketing communications.
Whenever we collect your personal data, you will be provided the opportunity to opt in to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to this will have no effect on accessing our legal services.
We appreciate that you may decide that you do not want us to use your personal data in this way and we will respect that choice. We have a legal obligation under the DPA and GDPR to stop sending you marketing communications if you object. If you do not want APJ to use your personal data in this way please email email@example.com or write into us at:
The Data Protection Officer
Anthony Philip James & Co Ltd
Building 7700 Daresbury Business Park
How we may use your details:
The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:
• Fraud prevention
• Direct marketing
• Network and information systems security
• Data / analytics / enhancing, modifying or improving our services
• Identifying usage trends
• Determining the effectiveness of promotional campaigns and advertising.
We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers.
You have the right to object to this processing. Should you wish to do so please email firstname.lastname@example.org
We use publicly available social media platforms to promote our services, to provide updates and to share any news and promotional updates. We may collect personal information from these social media platforms, for example, if you post a message on our Facebook page.
By providing any of your information to us through these platforms you should be aware that:
• The social media web pages are publicly available, and you must not provide any personal or sensitive information on our pages that are accessible to the public, such as your account information. We may ask you for your account information via a private message to identify you and to service any request you make; and
Other types of advertising
We do not have any control over the advertisements you see on other third party websites however you can request to opt out or customise these advertisements by using the Google Ads Preference Manager.
We record any telephone calls you make to us or we make to you or any other third party. This is for training, monitoring and quality purposes and to meet our legal and regulatory obligations. Some telephone calls may be observed by staff for training and development purposes.
We may keep a copy of the telephone calls for up to 6 years from the date the telephone call was made.
If you have any questions or queries or wish to raise a complaint on how we have handled your personal data you can contact our Data Protection Officer who will investigate further, using the address or email below:
Data Protection Officer
7700 Daresbury Park
If you are not happy with how we process your personal information you should contact us in the first instance. If you’re not happy with how we have dealt with your complaint you have the right to lodge a complaint with the Information Commissioner’s Office. You can find their details on their website at https://ico.org.uk/