Privacy Policy and Data Protection

Woodlands Solicitors is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement which is set out to comply with the Data Protection Act 2018 and from 25/5/18 General Data Protection Regulation (GDPR) 2018 along with any other national laws.

We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 4^th April 2023.

We are the ‘Controller’ for data protection purposes. This means that we collect and hold your information and decide what it will be used for. We are subject to the requirements of data protection legislation applicable in England and Wales and must use your personal data in accordance with law. We are registered with the Information Commissioner’s Office (ICO).

Confidentiality

We keep your information confidential and will not disclose it to third parties unless disclosure is:

(a) Authorised by you;

(b) Necessary as part of the legal services we are providing to you;

(d) Necessary for the purposes of our legitimate interests or those of a third party (i.e., we have a compelling reason justifying disclosure); or

(e) Necessary to protect your vital interests or those of another person.

We may, on your authority, work with other professionals to progress your matter, and may need to disclose relevant information about you to them e.g., barristers, experts, costs specialists, other lawyers etc.

Where there is another party to the matter (i.e., opponent in litigation), we will liaise with their legal representative (or the third party directly if they are not represented) in order to progress your matter. This may involve disclosing relevant information about you to this party to enable us to provide services to you. Please contact us if you have any queries about this.

Sometimes We outsource aspects of our work to other people. We carry out due diligence and obtain confidentiality agreements from such providers.

What we may collect:

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you:

Identity and Contact Data includes first name, maiden name, last name, username or similar identifier, passport or other government document identification numbers, education background, work history, job title, tax status, residency status, marital status, title, date of birth, gender, billing address, delivery address, email address, telephone numbers
Financial Data includes bank account and other data necessary for processing payment and transfer and for fraud/theft prevention, including debit and credit card number, security code numbers and other information relevant to billing or the transfer of funds.
Business and Transaction Data includes the services you have purchased from us and information provided during your contractual relationship with us or otherwise provided by you.
Information Relevant to the Advice Supplied to you including personal data relevant to any case, dispute or other legal advice given to you.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
Profile Data includes any passwords to access our systems or portals or services, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing information from us, your communication preferences and information about how you use our websites(s), including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information. To learn more about our use of cookies see our cookies policy.
Sensitive Personal Data: whilst acting for you, your employer or your business in relation to legal cases we may have to collect and use sensitive personal data (sometimes referred to as special category data), by which we mean racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual orientation or details of criminal offences, or genetic or biometric data about you.
Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel our contract with you but we will notify you if this is the case at the time.

How we collect your personal data

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your information, for example regarding your identity, contact and financial data, by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: enquire about our services, attend a meeting or event, subscribe to our service or publications, request marketing to be sent to you, enter a competition, promotion or survey; or give us feedback or contact us.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see “Cookies” below for further details.
Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources including client data and status verification services such as Vistra, LEM Verify, the Electoral Roll, from your other professional advisers;
Technical Data from the following parties: analytics providers such as Google based outside the UK, advertising networks such as LinkedIn and Google inside or outside the UK, search information providers based inside the UK.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services
Identity and Contact Data from data brokers or aggregators or from publicly available sources such as Companies House and the Electoral Register.

How we use your personal data

We will only use your personal data when the law allows us to:

to perform the contract, we are about to enter into or have entered into with you.
for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
to comply with a legal and/or regulatory obligations.
good practice, e.g. completing conflict of interest checks, identifying clients and verifying their identity (including using third party suppliers to do so) and other client case actions, and preventing money laundering and terrorist financing;
for insurance, audit and accreditation purposes;
to process applications for employment;
operational and administrative reasons, such as recording transactions, training, collection of our fee or costs (including if legal proceedings are required) and quality control and governance and reporting;
protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
data analytics to improve our website, products/services, marketing, customer relationships and experiences;
statistical analysis;
updating and enhancing client records and managing client relationships, for example:
analysis to help us manage our practice (including requests to partake in surveys) and data analytics to improve our website, products/services, marketing, customer relationships and experiences;
staff administration and training, monitoring staff conduct, disciplinary matters;
credit reference checks via external credit reference agencies.

We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided when you opt in to receive such material, or contact you for market research purposes. We may contact you by email, phone, fax or mail depending on the means of preferred communication you provided when you opted in to receive such material, and notify you of any changes to our services

Use and Retention of Information

We will only retain your personal data for as long as is necessary to fulfil the purposes for which it is collected. In doing so we give consideration to:

requirements of our business and the services provided
any statutory or legal obligations
lawful grounds for which we originally collected the personal data.

Once Your matter has concluded, We will hold your files on archive for at least 6 years from the date that the matter is closed in line with our file retention periods. After that period has elapsed, we will destroy your file securely and/or delete it from our electronic records. Once that has happened, your file will no longer be available.

Security of Information

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We have put in place procedures to deal with any suspected personal data breach within 72 hours and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Data Rights

Right to be informed about the collection and use of personal data;
Right to access personal data – request details from us of the personal data that we hold about you;
Right to object to processing – tell us to stop processing personal data, only want us to use the personal data for a specific purpose;
Right to rectification – ask us to correct personal data that we hold because you believe it is inaccurate;
Right to erasure – ask us to delete the personal data we hold;
Right to object to automated individual decision-making including profiling – object to us making decisions about you solely by using a computer system without human consideration;
Right to data portability – request transfer of information to another organisation, or to you, in certain circumstances.

Where you consent to us using your personal data, you are entitled to withdraw that consent at any time. You can do this by informing your solicitor or contacting our designated Data Protection Officer.

The rights described above are not absolute rights (not rights that will be automatically granted). We have to consider whether there are any reasons why we cannot meet your request. For example, We will not be able to delete data that we are legally obliged to keep. We will let you know if we are not able to meet your request and the reason why (where it is appropriate to disclose this information to you).

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
if you previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us.

This website uses Google AdWords

This website uses the Google AdWords remarketing service to advertise on third party websites (including Google) to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an enquiry. This could be in the form of an advertisement on the Google search results page, or a site in the Google Display Network. Third-party vendors, including Google, use cookies to serve ads based on someone’s past visits to the website. Of course, any data collected will be used in accordance with our own privacy policy and Google’s privacy policy.

You can set preferences for how Google advertises to you using the Google Ad Preferences page, and if you want to you can opt out of interest-based advertising entirely by cookie settings or permanently using a browser plugin.

Any changes we make to our Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes.

If you have any questions regarding this notice, please contact the Practice Manager at Woodlands Solicitors.

You also have the right to complain to the Information Commissioner’s Office (ICO) if You are not happy with the way that We handle personal data. You can contact the ICO at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or by calling the ICO’s helpline on 0303 123 1113.

PERSONAL INFORMATION

There are two types of personal data (personal information) that you may provide to us

PERSONAL DATA

It is the general information that you supply about yourself – such as your name, address, gender, date of birth, contact details, financial information, etc

SENSITIVE PERSONAL DATA

It is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data.

WHERE DO WE GET YOUR INFORMATION FROM

In the majority of cases personal data will be restricted to basic information and information needed to complete ID checks. However some of the work we do may require us to ask for more sensitive information. Information about you may be obtained from a number of sources; including:
You may volunteer the information about yourself.
You may provide information relating to someone else – if you have the authority to do so.
Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these organisations can be:

Banks or building societies
Panel providers who allocate legal work to law firms
Organisations that have referred work to us
Medical or financial institutions – who provide your personal records / information

The primary reason for asking you to provide us with your personal data, is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.

WHERE WILL BE USING YOUR INFORMATION

The following are some examples, although not exhaustive, of what we may use your information for

Verifying your identity
Verifying source of funds
Communicating with you
To establish funding of your matter or transaction
Obtaining insurance policies on your behalf
Processing your legal transaction including:
Providing you with advice; carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions
Keeping financial records of your transactions and the transactions we make on your behalf
Seeking advice from third parties; such as legal and non-legal experts
Responding to any complaint or allegation of negligence against us

WHO HAS ACCESS TO IT

We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. Generally, we will only use your information within Woodlands Solicitors.

However there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:

HM Land Registry to register a property
HM Revenue & Customs; e.g. for Stamp Duty Liability
Court or Tribunal
Solicitors acting on the other side
Asking an independent Barrister or Counsel for advice; or to represent you
Non legal experts to obtain advice or assistance
Translation Agencies
Contracted Suppliers
External auditors or our Regulator the SRA
Bank or Building Society; or other financial institutions
Insurance Companies
Providers of identity verification
Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
If there is an emergency and we think you or others are at risk

In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.

There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.

HOW DO WE PROTECT YOUR PERSONAL DATA

We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.

We have exceptional standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.

We use computer safeguards such as firewalls and data encryption and annual penetration testing; and we enforce, where possible, physical access controls to our building and files to keep data safe.

HOW LONG WILL WE KEEP IT FOR

Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:

As long as necessary to carry out your legal work
For a minimum of 6 years from the conclusion or closure of your legal work; in case you, or we, need to re-open your case for the purpose of defending complaints or claims against us

Under GDPR, you are entitled to access your personal data (otherwise known as a ‘right to access’). If you wish to make a request, please do so in writing addressed to our Data Protection Officer Mr Akbar Sarwar; or contact the person dealing with your matter.

A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc.- but it does not mean you are entitled to the documents that contain this data.

Under certain circumstances, in addition to the entitlement to ‘access your data’, you have the following rights:

The right to be informed
Which is fulfilled by way of this privacy notice and our transparent explanation as to how we use your personal data
The right to rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete
The right to erasure / ‘right to be forgotten’
You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:

Where the personal data is no longer necessary in regards to the purpose for which it was originally collected
Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
Where you object to the processing and there is no overriding legitimate interest for continuing the processing
The personal data was unlawfully processed
Where you object to the processing for direct marketing purposes

The right to object
You have the right to object to processing based on legitimate interests; and direct marketing. This right only applies in the following circumstances:

An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context
You must have an objection on grounds relating to your particular situation
We must stop processing your personal data unless:
- We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms
- The processing is for the establishment, exercise, or defence of legal claims.

The right to restrict processing
You have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:

Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data
Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
Where processing is unlawful and you request restriction
If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.