This website is operated by Clerwood Legal Services Ltd (“Clerwood Legal”). We are committed to a policy of protecting the rights and privacy of individuals in accordance with the General Data Protection Regulation (GDPR) and domestic UK data protection legislation (“the Data Protection Legislation”).
This policy statement explains how we use your personal information. Please read it to understand how we may use and how we look after your personal information. If you then have any questions or concerns, you should contact us using the details given at the end of this statement.
Please note that this policy applies only to the Clerwood Legal website and not to the websites of other organisations to which we may provide links. We are not responsible for the privacy policies or practices of such third party sites and you should make your own enquiries in respect of them.
Collection of your personal information
We may collect personal information from you when you access the website for auditing usage of the site and for general administration purposes. The information we may collect will comprise some or all of the following: your name, address, telephone and fax numbers, e-mail address, IP address and post code. Your IP address is a unique identifier for your computer, but should not be linked to any information from which you are personally identifiable. If you do not wish us to collect your personal data please do not provide it.
Clerwood Legal may in some cases collect information about you that may not be personal data. For example the type of Internet browser you are using, the type of computer operating system you are using, and the domain name of a website from which you linked to the Clerwood Legal site.
Use of your personal information
We will use the information we collect to track and monitor the usage of our website and help us understand the patterns of site visitors. This will help us operate the site more effectively, identify what sort of information is of interest to our users and assist us in business processes such as accounting, marketing and record keeping.
A cookie cannot read data off your hard disk or read cookie files created by other sites and cookies do not damage your system. You can choose whether to accept cookies by changing the settings on your browser so that is rejects them or notifies you when a website tries to send you a cookie. Rejecting cookies may affect the scope of your enjoyment of a website and may mean that some features do not operate as intended. We do not use single-pixel gif images, sometimes referred to as “web bugs” or “web beacons”.
Retaining your personal information
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- Client’s data will be held for a period of 7 years before being destroyed;
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations; and/or
- Retention periods in line with legal and regulatory requirements or guidance (which will take priority)
Sharing of your personal information
We may share your personal information with third parties but only in the strictly limited circumstances set out below.
- We may supply your personal information to third parties (such as our internet service providers) who help us administer our website. These third parties must at all times provide the same levels of security for your personal information as Clerwood Legal and, where required, are bound by a legal agreement to keep your personal information private, secure and to process it only on the specific instructions of Clerwood Legal.
- We may also supply your personal information to government bodies and law enforcement agencies but only:- if we are required to do so by the requirements of any applicable law; if in our good faith judgement, such action is reasonably necessary to comply with legal process; to respond to any legal claims or actions; or to protect the rights of Clerwood Legal, its customers and the public.
Using your personal information to contact you
To keep you informed about our services or provide information we believe might be useful to you, we may contact you by e-mail or post. If you wish not to receive such communications please contact us at the address below, e-mail us at firstname.lastname@example.org.
Security: Internet and Data Storage
The Internet is inherently insecure. Personal Data submitted by means of the Internet may be vulnerable to unauthorised access by third parties. Submission of Personal Data using the Internet is at your own risk. We will take reasonable and appropriate technical measures to ensure that your Personal Data is stored in a secure manner. However, we shall have no liability for disclosure of data due to errors in transmission or the fraudulent, negligent or other illegal acts of a third party, such as ‘Hacking’. Any transmission of personal information on or through the use of our website is at your own risk.
Transmission of Data Overseas
In certain circumstances, we may transfer your personal information to countries outside the European Economic Area. This may include circumstances where we use service providers who are based outside the EEA or who use “cloud” infrastructure which means that their servers are based all over the world. Where we transfer your information to companies outside the EEA, we will make sure it’s protected in a manner that is consistent with how your information will be protected by us. This can be done in a number of different ways for instance:
- The country that we send the information to might be approved by the European Commission.
- The recipient company might have signed a contract obliging them to protect your information.
- The recipient is located in the US and is a certified member of the EU-US Privacy Shield scheme.
In other circumstances the law may permit us to otherwise transfer your information outside the EEA. In all cases however, we will ensure that any transfer of your information is compliant with the Data Protection Legislation.
Accessing your personal information
You have certain rights as a Data Subject under the Data Protection Act 1998 to request details and in certain circumstances a copy of the personal data which we hold about you. The law states that we may charge you a fee (currently £10) for providing this information. If you would like a copy, please write to us at the address below and mark your envelope “Personal information request”. Should you discover any inaccuracies in such personal data, please notify us as soon as possible at the same address. We will then correct our records and notify any third parties to whom such personal data may have been supplied.
You have a number of legal rights in relation to the information that we hold about you, including:
- Right to access: You have the right to request access to your personal data held by us. Requests are to be made in writing, electronically and information will be provided in a commonly used electronic format. Requests will be handled within one month of receipt of the request, and free of charge with the exception of where requests are manifestly unfounded or excessive we hold the right to charge a reasonable fee taking into account the administrative costs of providing the information. More information can be found at https://ico.org.uk/for-the-public/personal-information/.
- Right to rectification: You have the right to have personal data rectified if inaccurate or incomplete. Where the personal data in question has been disclosed to a third party, they will be made aware of the rectification where possible. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.
- Right to erasure: You have the right to request the deletion or removal of personal data in the following circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When you withdraw consent.
- When you object to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation. This does not provide an absolute “Right to be forgotten”. Where the personal data in question has been disclosed to a third party, we will inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so. Personal data will be erased by removal from our internal and cloud servers.
- Right to restrict processing: You have a right to ‘block’ or suppress processing of personal data if you contest its accuracy; have objected to the processing; processing is unlawful and you oppose erasure; we no longer need the personal data but you require the data to establish, exercise or defend a legal claim. Where the personal data in question has been disclosed to a third party, we will inform them about the restriction on processing of the data, unless it is impossible or involves disproportionate effort to do so.
- Right to data portability: You have the right to obtain and reuse your personal data for your own purposes. Requests are to be made in writing, electronically, and will be handled within one month of receipt of the request.
- Right to object: You have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics. Requests will be dealt with by immediate effect with no right for refusal.
You also have the right to make a complaint with the Information Commissioner at www.ico.org.uk if you think that any of your rights have been infringed by us.
All requests will be dealt with in your own merit, and in accordance with the Data Protection Legislation guidance.
Should a data breach occur, we have compliant procedures in place to investigate and report the matter to the Individual. In the event of a breach, it will be reported to you within 72 hours of discovery. A record of any breaches will be kept by the company.
You can exercise your rights by contacting us using the details set out in the “Contact Address” section below.
Clerwood Legal Services Ltd
51 Clermiston Road
Company Number: SC595102