PRIVACY NOTICE
Ward & Rider is committed to protecting the privacy of our clients. This notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. This Data Privacy Notice is intended for clients and prospective clients only.
Identity and contact details
Data is collected, processed and stored by Ward & Rider Ltd, 2 Manor Yard, New Union Street, Coventry CV1 2PF. Ward & Rider and is registered with the Information Commissioner’s Office (ICO); registration number Z770165X. The Data Privacy Manager (DPM) is Oliver Begley and is available at: 2 Manor Yard, New Union Street, Coventry CV1 2PF, dpm@wardrider.co.uk or 024 7655 5400.
Information we collect
We will collect, process and store information your personal data to enable us to provide you with legal services. The exact information we will request from you will depend on what you have asked us to do for you. Typically, we will collect and process the following data about you:
- Information you give us. If you disclose data that relates to someone else then you must have the authority to do this. Data provided by you must be complete, accurate and up to date.
- Information we receive about you from other individuals/agencies to enable us to act on your behalf.
- Information may be collected when you use our website. Our Cookies Policy is available at http://www.wardandrider.com/new-cookie-policy/.
Lawful basis for processing data/using your information
Ward & Rider will process your data based on:
- Consent: you may have given us clear consent for us to process and disclose your personal data.
- Contract: for the purpose of providing you with the service you requested. We shall use and disclose personal information as required to carry out your instructions.
- Legal obligation: where there is a legal/regulatory obligation placed on us we may need to disclose data relating to you in order for us to comply with the law/regulation.
- Vital interests: the processing and disclosure of your data may be necessary for us to protect someone’s life.
- Public task: the processing and disclosure of your data may be necessary for us to perform a task in the public interest or for us to perform an official function.
- Legitimate interests: where the processing is necessary based on the legitimate interests of Ward & Rider or of a third party (unless protection of data overrides such interest). This will include us requesting your feedback on the service we provide at the end of your matter.
Ward & Rider will monitor the data collected and any correspondence with individual employees to ensure compliance with professional standards and our internal policies. Where we require your consent to use your data in certain ways we will obtain this in advance. We do not use your information for automated decision making.
Third party processors
In order for Ward & Rider to perform its services there are a number of companies that we outsource work to. Confidentiality agreements are in place with outsourced companies. These include:
- IT support (Lansalot Ltd) which has access to our IT systems, servers and the data contained on this.
- Call answering service (Moneypenny). Moneypenny does not have access to any data we hold.
- Confidential waste disposal company (ShredPro) provide onsite shredding facilities.
- Accountancy consultant (DMF Accountancy Ltd) and financial auditors (Millhall Consultants Ltd). To perform their roles under the SRA Accounts Rules they require access to financial and client data.
- The providers of identity verification and assurance tools in order to confirm that we can act for you.
- Professional Indemnity Insurer and Broker (currently QBE and AON) or any successor company.
- Case management system providers (SolCase, Intelliworks and DPS) who host our electronic files will have access to some of the data on the system during maintenance and the prevision of services.
- Debt recovery agencies (currently Andrew Wilson Enforcement Agents) or any successor company.
- Archived files (Leamington Office only) are stored with Box-it Central.
- External companies such as providers of utilities, technical support and cleaning services will have access to our offices either during or out of office hours.
Disclosure of your information
We do not share personal information with third parties unless we need to do so. We never sell your personal information to third parties. When we are required to disclose data to third parties we ensure that safeguards in place to ensure information remains confidential and secure. Disclosure may be made:
- In order to provide you with the services you have requested we will need to disclose data with relevant third parties. This will include the other side in any matter. In relation to a conveyancing transaction we will need to disclose data to your lender, other parties in the chain, estate agents, search providers, surveyors, the Land Registry and HMRC as a matter of course. Should we need to disclose information to a third party not detailed in this notice then you will be informed of this in advance and consent requested where appropriate.
- In order to protect the rights, property, or safety of any individual or company.
- In order to enforce/apply our terms of business and other agreements i.e. debt collection agencies.
- If we are under a duty to disclose your data in order to comply with any legal or regulatory obligation.
- Our insurers or legal advisers representing our interests in the event of a claim against us by you.
- Our regulator (the Solicitors Regulation Authority in accordance with regulatory duties.
- A prospective purchaser (or their advisors) of this Company under a binding non-disclosure agreement.
Retention of data
The data that we collect from you will be stored at a destination within the European Economic Area (EEA). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Data Protection Notice. Information may be held in computer or manual files. Where information is held electronically this will be on a secure server. We retain information for as long as is necessary and will inform you of the retention period at the outset and conclusion of the retainer. This period will be based on legal requirements and guidance from our regulator/insurer that apply dependent on the nature of the work involved. Information obtained from prospective clients is kept for 12 months for the purpose of providing quotations, any subsequent follow up and internal reporting.
Access to your information
You are entitled to request a copy of your personal data, in order to do so contact the DPM or the person dealing with your matter. Your request will be dealt with within one month of receipt. A subject access request entitles you to a copy of the personal data we hold on you. The focus of the information we have to provide is you and will include such things as records of your name, address, contact details, date of birth etc. This means that a subject access request will not normally result in you getting a copy of a file because the focus of the documents it contains are likely to be the transaction or legal matter rather than your personal information.
Inaccurate information
If you think any information we hold about you is incorrect or incomplete or has been changed since you first told us, please let us know in writing as soon as possible so that we can update our records.
Withdrawal of consent
You can withdraw consent previously provided at any time unless the action has already been performed. Withdrawal of consent must be in writing and sent to the DPM.
Right to restrict/stop/erase data
Depending on the nature of the request, we will comply with it to the fullest extent possible. In some cases, this could mean that we are unable to continue with your matter. In certain situations you may be able to ask for restrictions to be placed on the processing of your data or to exercise your right to be forgotten. A restriction has the effect of freezing data so we would continue to store your personal information but could not do anything with it. This might be relevant to you if you had any query or concern over the way your data was handled. A right to be forgotten would usually apply if data is processed unlawfully or otherwise fails to satisfy the legal requirements.
Complaints about the use of your personal data
Should you have concerns about the use of your data then you should contact the DPM in the first instance. If your concerns remain then the applicable supervisory body is the ICO. Please see https://ico.org.uk/for-the-public/raising-concerns/ for more information or contact them on 0303 123 1113.
