By law we must process all your personal data lawfully, fairly and in a transparent manner. This notice is written to help Individuals (referred to as ‘you’ and ‘your’). This notice explains how we process your personal data, the purpose of us processing your data and what our lawful bases for doing so are.
‘Us’ or ‘we’ or ‘our’ refers to McKenzie Law Limited (trading as McKenzie Law and McKenzie Law Solicitors). We are a company incorporated in England and Wales authorised and regulated by the Solicitors Regulation Authority. We are data controllers for the purposes of the EU General Data Protection Regulation (‘GDPR’).
Our Registered Office address:
McKenzie Law Limited, Dogpole House, 14 Dogpole, Shrewsbury, Shropshire SY1 1EN UK
Telephone number: 01743 244666
V.A.T. registration number: 917 0641 35
Company registration number: 4910643
Data Protection Registration Number: Z1070017
We have policies and systems to protect the data and information that you give us.
We will not sell, lend or share your data and information with any unconnected third parties.
Contents: This policy describes:
- What personal information we collect about you
- How we obtain your personal information
- The purposes for which we use your personal information
- The bases on which we use your personal information
- How long we keep your personal information
- Who we share your personal information with
- How we protect your personal information
- Which countries we transfer your personal information to
- Summary of your rights regarding your personal information
Your rights explained in more detail
‘Personal Information’ means information relating to an identifiable person who can directly or indirectly be identified by an identifier. There are many types of identifier including names and identification numbers such as passport numbers
1. What personal information we collect about you
We collect information from you when you use our website or contact or request information from us as part of providing legal services to you once you become our client.
The personal information we collect from you and process includes:
- your name, title, employer, and your relationship to a person or organisation
- contact details including your address, email address and phone numbers
- information to take and make payment
- information arising from visits you make to our website including information which you submit to us through our website
- information you give us for the purposes of attending meetings, seminars or events (for example any food allergies you may have or disability access requirements)
- identity documents and information provided by you or collected by us as part of our client intake procedure and anti-money laundering procedures
- personal information provided by you or others to us, or which is created by us in the course of our providing services
2. How we obtain your personal information
- as part of our client intake procedure when we accept you as a client
- as necessary whilst we are providing legal services to you
- when monitoring our information technology, our websites and emails sent to and from us
- we may collect or receive information about you from others, for example Companies House as this can help us keep your contact details accurate and up-to-date
- at marketing events (event feedback/surveys; prize draws, business cards given to us).
3. The purposes for which we use your personal information
We use your personal information for the following purposes:
- to provide our services to you and this can include handling the personal information of others that you have provided to us for the purposes of our service to you
- to provide information requested by you
- to verify identity
- to promote our services by sending legal updates and details about events
- to provide, improve and monitor the use of our website
- to administer and manage our relationship with you and our clients
- to meet our legal and risk management obligations and to establish, exercise or defend legal claims
- for recruitment
The safe processing of your personal data protects you as a client, or a prospective client and us as a business.
Use of the McKenzie Law website
Various parts of our website invite you to provide us with personal information including the ‘contact us’ or make a free initial enquiry facility. The purposes of these facilities are clear and we only use the information you provide for these purposes.
The McKenzie Law website uses Google analytics to track and report on how the website is used so we can improve it. It does this by placing cookies (small text files) on your device. The cookies collect information such as the number of visitors, which pages were visited and how long was spent on the website. This information is anonymous. For further information about cookies visit www.allaboutcookies.org. You can set your browser not to accept cookies and the all about cookies website will tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function if you remove cookies from your browser.
Emails and marketing
We may use your personal information to see if you open emails that we send you and whether you click on links included in them and whether and how you visit our website after you click on the link. If we do this then we use software that places a cookie on your device to track this and record it against your email address. Should you wish to remove this cookie the www.allaboutcookies.org website will tell you how to.
If you receive marketing communications from us and no longer wish to do so, you can unsubscribe at any time by emailing us at email@example.com
Events, meetings and seminars
When you attend at our offices or an event or seminar organised by us we will collect and process personal information about you. We will only use personal information about your dietary or access requirements to cater for your needs and meet any relevant legal obligations we have. We may share that information with those involved in organising or hosting the relevant event which you wish to attend.
We need to collect, create, hold and use personal information to provide our services. We process identification and background information as part of our client intake, accounts, administration and marketing procedures including credit check, ID verification, anti-money laundering and anti-terrorism checks and conflict checks. We also process personal information provided by or on behalf of our clients to us for the purposes of the work we do for them. This information may be disclosed to third parties to the extent reasonably necessary to do our work.
4. The bases on which we use your personal information
- in order to carry out a contract, such as engaging with an individual to provide legal services
- to establish, exercise or defend legal claims or proceedings
- to meet legal and regulatory obligations
- for legitimate business purposes. These are explained in the section above headed ‘The purposes we use your personal information for’ and
- with your consent. Usually this basis will only be relevant if you have visited our website or made initial contact with us in person, by letter, telephone or by some other electronic communication method and you are not yet a client with whom we have a written contract and the basis of contract, legal obligation or legitimate interests is deemed not to apply. In this case only you consent to us:-
(a) verifying your identity in accordance with our ID verification procedures;
(b) retaining the information about your identity and your enquiry;
(c) using the contact details you supply for the purpose of responding to your enquiry and
(d) contacting you in the future about our firm and its services if you opted to receive marketing emails. You will always be given the opportunity to opt out of receiving marketing information.
5. How long we retain your personal data
If you are not our client or related to a client matter of ours, we will keep your information for a maximum of one year after we first heard from you. If you ask us to remove you from our marketing list, we may keep your personal details on an ‘opted out’ list to ensure that we do not market to you again.
Where you are a client we will collect personal data and retain it in accordance with our Terms of Business which form part of our Client Agreement with you.
6. Who we share your personal information with.
We may share your personal information with trusted third parties in accordance with contracts we have in place with them. This includes:
- Our accountants and also our reporting accountants for the purposes of the Solicitors Accounts Rules.
- Our various IT service providers.
- Third parties engaged in the course of the services we provide to our clients such as barristers, our bank, estate agents, our conveyancing search providers, mortgage lenders, Certainty the National Will Register, our insurers, our legal compliance auditors etc. This list is not exhaustive.
- Government organisations involved in the services we provide for example Companies House, HMRC, HM Land Registry, the Intellectual Property Office, Office of the Public Guardian, Probate Registry etc. Again, this list is not exhaustive.
- third parties involved in co-hosting or co-organising events or seminars.
Although it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will try to notify you before we do this unless we are legally restricted from doing so, for example we cannot tell you if we submit a suspicious activity report in relation to suspected money laundering to the National Crime Agency.
If in the future, we sell our practice, or it is integrated with another business we may need to transfer your information to the third party through which our business will be carried out. We may need to disclose your personal information to a prospective buyer of our business subject to terms of strict confidentiality.
From time to time we may use social media sites – our Facebook page, Instagram, Twitter or LinkedIn. If you use these social media sites you should look at their privacy policies for more information on how they deal with your personal information and any posts or comments you send to us
7. How we protect your personal information
We use technical and organisational measures to protect your personal information from unauthorised access, use, disclosure, alteration or destruction in accordance with relevant and applicable data protection law.
8. Which countries we transfer your personal information to.
Your personal information may need to be shared with our service providers, which may involve transferring it to countries outside the European Economic Area. Where we do so we will ensure that we do this in accordance with the current data protection legislation by only transferring the data to jurisdictions in respect of which there is a European Commission adequacy decision or, where this is not the case, by using model clauses which have been approved by the European Commission.
9. Summary of your rights regarding your personal information
You have certain rights in respect of the data we hold relating to you. Details of these rights can be found on the Information Commissioners website. You are entitled to request details of the information we hold about you and how we process it. You may also have a right to have it corrected, deleted, to restrict our processing of that information, to object to our processing of your personal data or to automated decision-making, to stop unauthorised transfers of your personal information to third parties and under certain circumstances (if applicable) you may have the right to have personal information relating to you transferred to another organisation.
The application of these rights varies according to the legal basis used to process your data.
Your objection or withdrawal of previously given consent could mean that we are unable to perform the actions necessary to achieve the purposes for which we use your personal information. Even if you decide to withdraw your consent we may be able to continue to process your personal information if we are required to or permitted to by law, or if we are relying on a basis other than your consent to process your personal data. For example, we would continue to process your personal information in connection with exercising and defending our legal rights and meeting our legal and regulatory obligations.
We will stop processing your personal data for direct marketing as soon as we receive an objection from you. If you receive marketing communications from us and no longer wish to do so, you can unsubscribe at any time by emailing us at firstname.lastname@example.org
This Privacy Notice applies whether we collect the personal data directly from you or where we collect your data from another source e.g. an information search provider or a connected third party that you introduce to us.
If you are a client, please also read and refer to our Terms of Business (‘our Terms’). The following terms will give you additional information about the matters referred to in this Privacy Notice.
|Clause 4||Communication Methods|
|Clause 6||Confidentiality & Legal Professional Privilege|
|Clause 7||ID Verification Fees & Data Protection|
|Clause 11||Your File & Data Retention|
We supply our terms to our clients in navigable PDF format to help you refer to relevant terms at the outset and in the future. We will also supply them in paper format if you request them. Our terms are supplied at the time of our engagement with our Client Agreement.
We are registered with the Information Commissioner’s Office.
The information we will supply to you on request is determined by whether we obtained your personal data directly from you or a third party.
We will keep this privacy notice under regular review. This privacy notice was last updated in May 2018. We reserve the right to update it at any time and will place any updates on our website www.mckenzielaw.co.uk
If you have any questions about our privacy notice or the information we hold about you please contact us at email@example.com or by post to Niels McKenzie, Director, McKenzie Law Limited 14 Dogpole Shrewsbury SY1 1EN. Niels McKenzie is our data controller and data protection officer.
You have the right to lodge a complaint with the Information Commissioners Office.
Contents: Your rights explained in more detail
- Right of access
- Right to rectification and data quality
- Right to erasure including retention and disposal
- Right to restrict processing
- Right of data portability
- Right to object
- Rights related to automated decision making including profiling
1. Right of access
You have the right to obtain:
- confirmation that your data is being processed;
- access to your personal data; and
- other supplementary information as is provided in this Privacy Notice.
We do not usually make a charge to supply access information. However, we can charge a ‘reasonable fee’ if your request:
- is manifestly unfounded or excessive, particularly if it is repetitive, unless we refuse to respond; or
- is for further copies of the same information (that’s previously been provided). This does not mean that we can charge for all subsequent access requests.
The fee will be based on the administrative cost of providing the information.
We will comply with your subject access request under the GDPR within 28 days of receipt. We can extend this period by a further two months if your request is complex or you have made numerous requests and if this applies you will be informed and given an explanation of the time extension.
We are required to verify the identity of the person making the request, using ‘reasonable means’.
If your request is made electronically, we will provide you with the information in a commonly used electronic format.
2. Right to rectification and data quality
You have the right to have your personal data rectified if it is inaccurate or incomplete.
We will respond to a request you make without delay and at least within 28 days of receipt.
We can extend this period by a further two months if your request is complex or you have made numerous requests, in which case you will be informed and given an explanation. If we have disclosed your personal data to a data processor (third party) we will inform them of the rectification where possible.
3. Right to erasure including retention and disposal
We have a process to securely dispose of personal data that is no longer required, or where you are entitled to ask us to erase it, however in relation to the latter please note that this will only apply in very limited circumstances.
You have the right to be forgotten and can request the erasure of your personal data when:
- it is no longer necessary in relation to the purpose for which it was originally collected/processed;
- you withdraw consent and assuming that consent is the only lawful basis of data processing;
- you object to the processing and there is no overriding legitimate interest for continuing the processing;
- your data was unlawfully processed i.e. otherwise in breach of the GDPR;
- it has to be erased in order to comply with a legal obligation; or
- we can refuse to comply with a request for erasure where your personal data is processed for the exercise or defence of legal claims.
4. Right to restrict processing
You have a right to block or restrict the processing of personal data.
When processing is restricted, we are permitted to store your personal data, but not further process it.
We can retain just enough information about you to ensure that the restriction is respected in the future.
We will be required to restrict the processing of personal data in the following circumstances:
- where you contest the accuracy of the personal data, we will restrict the processing until we have verified the accuracy of the personal data.
- where you object to the processing (where it was necessary for legitimate interests), and we are considering whether legitimate business grounds override those of you as an individual.
- when processing is unlawful and you oppose erasure and request restriction instead.
- if we no longer need the personal data but you require the data to be retained to allow you to establish, exercise or defend a legal claim.
If we have disclosed your personal data in question to third parties, we will inform them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.
We will inform you when we decide to lift a restriction on processing.
5. Right of data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services.
You can receive personal data or move, copy or transfer that data from one business to another in a safe and secure way, without hindrance.
The right to data portability only applies:
- to personal data you have provided to us as a controller;
- where the processing is based only on your consent or for the performance of a contract; and
- where the processing is carried out by automated means.
When applicable information will be provided without delay and at least within 28 days of receipt.
We can extend this period by a further two months for complex or numerous requests in which case you will be informed and given an explanation.
Only when applicable we will provide the personal data in a structured, commonly used and machine-readable format. Examples of appropriate formats include CSV and XML files.
We will provide the information free of charge.
If you request it, we may be required to transmit the data directly to another business where this is technically feasible.
6. Right to object
You have the right to object to:
- processing based on legitimate interests; and
- processing for purposes of scientific/historical research and statistics.
You must have an objection on ‘grounds relating to your particular situation’.
However for processing based on legitimate interests we will stop processing the personal data unless:
- we can demonstrate compelling legitimate grounds for the processing, which override your interests and rights and freedoms as an individual; or
- the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to any processing undertaken for the purposes of direct marketing (including profiling). We will stop processing for direct marketing as soon as we receive your objection. There are no exemptions or grounds for us to refuse.
We will inform you of your right to object at the point of first communication.
7. Rights related to automated decision making including profiling
The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
Individuals have the right not to be subject to a decision when:
- it is based on automated processing; and
- it produces a legal effect or similarly significant effect on the individual.
The right does not apply if the decision:
- is necessary for entering into or performance of a contract between us;
- is authorised by law e.g. for the purposes of fraud or tax evasion prevention; or
- is based on your explicit consent, and we have put in place suitable measures to safeguard your rights, freedoms and legitimate interests.