skip to Main Content
Tel: 02921 320 150 | E-Mail: info@duddenlaw.co.uk

Privacy Notice

– General Data Protection Regulations (“GDPR”)

Information for Clients – Introduction

The General Data Protection Regulations (GDPR) are European regulations which  introduce changes to the Date Protection Act 1989 that includes additional rights for individuals in relation to their personal and sensitive personal data.

GDPR applies to all EU Member States from 25 May 2018. Dudden Law Solicitors are committed to protecting and keeping confidential all the information you provide to us, subject to certain legal duties set out in our client care letter sent to you at the outset of your matter.

We ask that you read this privacy notice carefully as it contains important information about   who   we   are,   how   and   why   we   collect,   store,   use   and   share   personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.

Who are Dudden Law Solicitors

Dudden Law Solicitors is the trading name of R Dudden Law. The office is at Roath Chambers,   80   Albany   Road,   Cardiff,   CF24   3RS.   It   is   a   legal   practice   which   is authorised   and   regulated   by   the   Solicitors   Regulation   Authority   under   number 629102.

We collect, use and is responsible for certain personal information about you. We are required by the GDPR to be registered with the Information Commissioner and Dudden Law Solicitors is responsible as the ‘controller’ of that personal information.

The law states that we  are allowed to use personal information only if we  have a proper and lawful reason to do so.

The GDPR says we must have one or more of these reasons to use your personal  information:

– Contract:

the processing is necessary for a contract we have with an  individual, or because they have asked us to take specific steps before entering into a contract.

– Legal obligation:

the processing is necessary for you to comply with the law (not including contractual obligations).

– Legitimate interests:

the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.

– Consent:

the individual has given clear consent for us to process their personal data for a specific purpose.

– The personal information we collect

In the course of your legal transaction we collect the following personal information when you provide it to us:

– Name, address, date of birth, contact information (telephone and email where appropriate) and National Insurance number (where appropriate)

– Identity information and documentation

– Additional   information   in   relation   to   your   legal   transaction   to   enable   us   to advise you and progress your case. This will depend on the type of legal work you instruct the firm to undertake.

The personal information we use

We use your personal information primarily to enable us to provide you with a legal service in accordance with your instructions. We also use your personal information for  related   purposes   including   identity  verification,   administration   of  files,   updating existing records if you  have  instructed us previously,  analysis  to help improve  the management of the firm, for statutory returns and legal and regulatory compliance.

The information will be held in hard copy and/or electronic format.

You are responsible for ensuring the accuracy of all the personal data you supply to us,   and   we   will   not   be   held   liable   for   any   errors   unless   you   have   advised   us previously of any changes in your personal data.

We will only take instructions from you or someone you authorise in writing. Where you   are   acting   as   an   agent   or   trustee,   you   agree   to   advise   your   principal   or   the beneficiary   of   the   trust   that   their   personal   information   will   be   dealt   with   on   these terms. If we are working on your matter in conjunction with other professionals who are advising you, including experts, barristers, banks, building societies, mortgage lenders, estate agents etc., we will assume, unless you notify us otherwise, that we may share and disclose relevant personal data and information about your matter to them, if we feel it is appropriate and necessary.

We use a private, secure, cloud computing case management system hosted by our IT partners. All IT providers we use are subject to strict confidentiality agreementswith this firm and we will ensure that they meet GDPR obligations in relation to the service they provide to us. All of the personal information you provide to us is kept in the UK; we will not transfer any of your personal data to another country outside the UK unless you specifically instruct us to do so.

The personal information we share:

Subject to the SRA Code of Conduct and the requirements with regard to client  confidentiality, we may share your personal information with:

– Lawyers or other organisations on the other side of your case

– Barristers or experts we instruct

– The courts and other tribunals

– Your Personal Representatives or Attorneys

– Auditors

– Lenders

– Estate Agents, IFAs, Referrers, etc

– Organisations that we introduce you to

– HM Revenue and Customs

– The government both Central and Devolved

– Fraud Prevention Agencies including the National Crime Agency

– The SRA and other regulators

– ID checking organisations

– Selected 3rd party processors, including those utilised to maintain internal  software / hardware, for communications purposes or where we outsource any of our business functions under which we collect or store your data, in which case we will  ensure that any such service provider adheres to at least the same obligations of security with regard to your data as undertaken by us.

There   may   be   occasions   when   we   are   under   a   legal   duty   to   share   personal information   with   law   enforcement   or   other   authorities,   including   the   Solicitors Regulation Authority or the Information Commissioner. If we are required to disclose.

Information   to   the   National   Crime   Agency,   we   may  not   be   able   to   tell   you   that   a disclosure has been made. We may have to stop working for you for a period of time and may not be able to tell you why. We cannot be held liable for any loss you suffer due   to   delay   or   our   failure   to   provide   information   in   these   circumstances. Occasionally some of our client files may be audited strictly confidentially by external auditors   or   examiners   to   ensure   we   meet   our   legal,   quality   and   financial management standards.

Some information may be disclosed to our professional indemnity insurers and to our financial auditors if required, but this information is provided on a strictly confidential basis where this concerns individuals.

Special categories of data Special categories of data are data relating to your:

– Health

– sex life

– sexual orientation

– race

– ethnic origin

– political opinion

– religion

– trade union membership

– genetic and biometric data.

We   must   process   special   categories   of   data   in   accordance   with   more   stringent guidelines.

Most   commonly,   we   will   process   special   categories   of   data   when   the following applies:

– you have given explicit consent to the processing

– we must process the data in order to carry out our legal obligations

– we must process the data in order to carry out the contract to provide legal  services to you

– we must process data for reasons of substantial public interest

– you have already made the data public

We will use your special category data:

– when processing is necessary for the establishment, exercise, or defence of your legal matter.

– for the purposes of equal opportunities monitoring

– to determine reasonable adjustments

We do not need your consent if we use special categories of personal data in order to   carry   out   our   legal   obligations   or   exercise   specific   rights,   including   where processing is necessary for the establishment, exercise, or defence of legal matter.

However,  we  may ask for your consent to allow us to process certain particularly sensitive   data. If  this occurs, you  will  be  made  fully  aware  of the  reasons  for  the processing. As with all cases of seeking consent from you, you will have full control over   your   decision   to   give   or   withhold   consent.   Consent,   once   given,   may   be withdrawn at any time.

You have the right to withdraw your consent by contacting us as stated above.

However, if you do so then we may not be able to progress you case or indeed  continue to act for you.

You  may object at any time and refusing your consent will not affect our work for you. We will not submit files for external audit or disclose personal information to directories where there is particularly sensitive material

How long your personal data will be kept

We will hold your personal data including your name, address and contact details plus your file of papers for a period of time, depending on the nature of your case.

We will confirm this to you at the end of your case. After this period of time, your file of papers including the electronic file, will be destroyed confidentially without further reference   to   you,   unless   we   contact   you   to   confirm   other   arrangements   or   you contact us to request your file of papers at an earlier date.

We are legally obliged to keep certain information for at least 5 years and typically  store your file for a minimum of 6 years before destroying it.

We will store Wills and other documents indefinitely.

We will keep your name and personal contact details on our database until you tell  us that you would like them removed e.g. where you have changed solicitor.

Further   details   about   safeguarding   your   file   and   our   file   storage   and   destruction arrangements are provided in the client care letter provided at the outset of every matter.

In order to meet our regulatory requirements, we may be required to retain basic information   about   you   to   include   your   name,   address   and   date   of   birth   on   our electronic database for a longer period of time.

Marketing Information

Marketing information about the firm and up to date articles which may be of interest to you are available on our website www.duddenlaw.co.uk.

In relation to future marketing, we would like to keep in touch with you and let you know periodically about information that we think may be of specific interest to you or to tell you about events or developments in the firm.

We may ask you to provide your email address and give specific confirmation that you want to “opt in” to us sending you such information in the future. If you provide your consent, you may withdraw it at any time by contacting us to confirm that you no  longer want  us to  contact  you.  If  you  provide  your  consent,  we   may use  third party software and services to assist us in relation to the processing of our marketing communications, but we will ensure we have confidentiality agreements in place and will   never   disclose   your   information   to   third   parties   for   them   to   use   for   their   own marketing purposes.

If you are an existing client of the firm or we are holding documents for you such as Wills or Deeds we may rely on legitimate interests as the reason for contacting you in future. We will only do this where we feel it would be of benefit to you or where we need to update you in relation to our terms and conditions.

Our website makes use of some third party cookies, including the Google analytics cookie and the Facebook Pixel.

Please see the Google privacy policy and the Facebook privacy policy of information on these cookies.

Your rights

Under the GDPR you have a number of important rights, free of charge.

– Please be aware that you have the following data protection rights:

– The right to be informed about the personal data the Company processes on you;

– The right of access to the personal data the Company processes on you;

– The right to rectification of your personal data;

– The right to erasure of your personal data in certain circumstances;

– The right to restrict processing of your personal data;

– The right to data portability in certain circumstances;

– The right to object to the processing of your personal data that was based on

a public or legitimate interest;

– The right not to be subjected to automated decision making and profiling; and

– The right to withdraw consent at any time.

Further   information   about   these   rights   can   be   found   on   the   Information Commissioners Website  www.ico.org.uk/for-the-public/. If you would like to exercise any of these rights, please:

– email, call or write to us

– let us have enough information to identify you

– let us have proof of your identity and address (a copy of your driving licence  or passport and a recent utility or credit card bill), and

– let   us   know   the   information   to   which   your   request   relates,   including   any   account or reference numbers, if you have them.

The right to rectification, If you think any information we have about you is incomplete or wrong, then you have the right to ask us to correct it. Please contact us.

Keeping your personal information secure

We   have   appropriate   security   measures   in   place   to   prevent   personal   information from   being   accidentally   lost,   used   or   accessed   in   an   unauthorised   way.   We   limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with   any   suspected   data   security   breach.   We   will   notify   you   and   any   applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information. The GDPR also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at www.ico.org.uk/concerns/ or telephone 0303 1231113.

Changes to this privacy notice

This privacy notice was  published on 24 May 2018. We may change this privacy notice from time to time. When we do we  will inform you  via our website  or by a direct communication with you.

How to contact us

Please   contact  our  us  if   you  have   any  questions  about   this   privacy  notice   or   the information we hold about you. If you wish to contact us, please send a letter marked Data Protection, Dudden Law Solicitors, Roath Chambers, 80 Albany Road, Cardiff, CF24 3RS or call 02921  320 150.

If you would like this notice in another format please let us know.

Back To Top