- Wilson Solicitors LLP are committed to compliance with relevant UK and European data protection laws and will responsibly protect the information you provide to us and the information we collect in the course of operating our business.
- Your use of our services, including when you request information from us and when you engage Wilson Solicitors LLP for the provision of legal services.
- Third parties instructed in connection with our provision of legal services to you
- Contractors and suppliers with whom we contract for the purposes of managing and running our business.
- When we use personal information about you or others in connection with providing our legal services to clients we do so as a data controller.
The types of information we process
- We will process personal information we receive directly from you, on your behalf, other organisations with whom you have dealings, government agencies, publicly available records and the third parties described in ‘How we share the information’ below.
We may collect current and historical personal information including/relating to: your name, contact details, identification, ethnic origin, marital status, employment/business, finances, academic history and criminal offences/convictions (this is non-exhaustive which depends on the circumstances).
As some personal information is sensitive, we shall seek your consent to process this information. You may withdraw consent at any time as described in ‘You and your rights’ below.
Debit and Credit Card Information
Receipts of funds in settlement of bills or on account of costs can be processed through Barclaycard. We may collect your data to process a credit/debit card transaction, which may be passed onto a third party service provider to complete the financial transaction. Card details will only be held to complete the single transaction. We will not store your card details in our office, physically or electronically.. If you use your credit or debit card to make a payment we will ensure this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
How we use the information
Your data will only be used for the service you have requested.
We may use your personal information if:
- It is necessary for the performance of a contract with you or our client on your behalf (e.g. when we are providing our services to you as envisaged by our engagement letter);
- It is necessary in connection with a legal obligation (eg when we are carrying out anti-money laundering and conflict checks);
- You have provided your consent to such use (eg you have approved the use of a specific third party to assist on your matter);
- We consider such use of your information as not detrimental to you, within your reasonable expectations, having a minimal impact on your privacy, and necessary to fulfil our legitimate interests (eg to attend court hearings to represent you, make appointments on your behalf, to manage fees and invoicing, or to recover money owed to us); or
- We are otherwise required or authorised by law.
- We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
- Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|Provide legal services||Your personal data and electronic material that you provide to us which we generating in connection with the legal service that forms the subject of our contract with you||
|If you apply for a job with us||Identity data and contact data, as listed in the application form.||
|Conducting business with you||Identity data (such as name, email address and telephone number).||
|To manage our relationship with you which will include:
- We also use your information to:
- fulfil our legal requirements (including in relation to anti-money laundering) and professional obligations;
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
How long we retain information
- We recognise that it is important to only retain your personal information for as long as is required by law (which is currently 6 years) or we consider reasonably necessary, after which we will confidentially destroy it.
Records in Immigration Matters
- Due to the nature of immigration services, a full record of information obtained from you, third parties and advice provided by us shall not be retained longer than 15 years unless you request that it be erased.
- This is because we consider that it is in your best interests that we retain a full history of data which may be relevant to future matters you instruct us to deal with.
- Such data can also be relevant to your immigration position should there be any dispute with the authorities or for us to be able to provide you with a record should you misplace important immigration documents. If you would like us to rectify or erase your data please refer to the section on ‘You and your rights’ below.
How we share the information
- We may share your information with third parties where
- you have provided consent;
- we are under a legal, regulatory or professional obligation to do so (for example, in order to comply with anti-money laundering requirements);
- it is necessary for the purpose of, or in connection with, legal proceedings, or to exercise or defend legal rights;
Protection and storage of the information
- We hold information securely in electronic or physical form and prevent any unauthorised access, modification or improper disclosure.
Information relating to client’s matters is stored in the following ways:
- Paper files
- In personalised electronic files, bearing their own reference on a password protected integrated computer network
- Secure off-site outsourced paper storage following the conclusion of the matter.
Our information security practices are supported by a number of security safeguards, processes and procedures. We store information in access controlled premises or in password protected electronic form. We require our third party IT providers to comply with appropriate information security industry standards. All staff and third party providers with access to confidential information are subject to confidentiality obligations.
You and your rights
- Subject to applicable laws, you may have certain rights regarding information that we have collected and that is related to you. We encourage you to contact us to update or correct your information if it changes or if you believe that any information that we have collected about you is inaccurate.
- You can also ask us to:
- see what personal information we hold about you,
- to erase your personal information
- You may tell us if you object to our use of your personal information.
- You have a right to complain to the Information Commissioner’s Office (ICO), but we would prefer you to contact us first. We should be able to resolve any matter quickly and to your satisfaction.
- The Information Commissioner’s Office (ICO) is contactable through their website at https://ico.org.uk/ or their help line on 0303 123 1113 or 01625 545745.
The address of the ICO is:
Information Commissioner’s Office
How to contact us
If you would like to contact us with questions about our privacy practices, please contact our Data Protection Manager, Michael Hanley on firstname.lastname@example.org
If you are a data controller or a data processor
If you are a data controller or a data processor in your own right, and you provide personal data to us, you confirm to us that you have a lawful basis for doing so under data protection law and all necessary consents, where required.
- This is a living document which we may update from time to time.