This policy also outlines your rights regarding your personal data, and what steps you can take if you have a complaint.
Who we are
Simpson Millar is a data controller bound by the requirements of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018. Our registered office is 39 St Paul’s Street, Leeds West Yorkshire LS1 2JG.
Please address any questions, comments or requests regarding how we process your information to our Data Protection Officer (DPO) Paul Bradley, Direct Dial telephone number: 0113 306 2835 Email: firstname.lastname@example.org
What personal data will we collect?
- Your name, address and telephone number
- Information to enable us to check and verify your identity – eg: your date of birth or passport details
- Electronic contact details – e.g: your email address and mobile phone number
- Information relating to the matter in which you are seeking our advice or representation
- Financial details relevant to your instructions, such as the source of your funds if you are instructing on a purchase transaction
We may also collect other personal information, depending on why you have instructed us, including:
- Your National Insurance and tax details
- Your bank and/or building society details
- Your medical history or records – e.g: if we are acting for you in a personal injury claim
- Details of disabilities you have if relevant to your case
- Information to enable us to undertake a credit or other financial checks on you
- Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information
- Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data) – e.g: if you instruct us on matters related to your employment or in which your employment records are relevant
- Your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs – e.g: if you instruct us on a discrimination claim
- Information on open social media accounts in the public domain only where relevant to your claim
How Your Personal Data Is Collected
We collect most of this information from you directly. However, we may also collect information in the following ways.
How We Use Your Personal Information
We’ll only use your personal data if we have a proper reason for doing so.
The information that you provide to Simpson Millar will be used to provide services you request from us and also to enable us to deal with your enquiry.
We’ll therefore need to process that information either:
- For the performance of our contract with you or to take steps at your request before entering into a contract
- To comply with our legal and regulatory obligations
- For our legitimate interests or those of a third party
- Where you have given consent
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
If we need to process your sensitive information, such as your health records or trade union information to proceed with your case, we’ll do so on the basis that processing is necessary for the establishment, exercise or defence of your legal claim.
You acknowledge that we’re entitled to obtain, use, process and disclose your personal information to enable us to discharge the services which we have agreed to provide, and for other related purposes, including updating client records, analysis for management purposes, crime prevention and legal and regulatory compliance.
As stated above, we’ll need to process your personal data in order to conduct your claim or matter under our retainer. If you don’t provide us with this data, we won’t be in a position to assist you with your matter.
We won’t use your personal data to carry out automated decisions about you – i.e. to use technology alone to make any processing decisions that carry legal effect.
Sharing your information
Whilst acting for you, in order to assist with your case, we may share your personal information including your name, contact details, personal circumstances and relevant information about your case with selected third party suppliers.
This will enable us to discharge the services which we have agreed to provide.
We routinely share personal data with:
- Professional advisers who we instruct on your behalf or refer you to – e.g: barristers, medical professionals and agencies, accountants, tax advisors or other experts
- Other third parties where necessary to carry out your instructions – e.g: your mortgage provider, estate agent, HM Land Registry and HMRC in the case of a property transaction, or Companies House, a court, tribunal, third party insurers or defendant solicitor on a litigated matter
- The person or organisation that referred you to us, such as a trade union or claims management company
- Any insurance company that is providing financial assistance for your claim, such as a provider of legal expenses insurance or other third party funders
- Insurers and brokers
- External auditors – e.g: Law Society to verify the quality of service provided by us under independent accreditations like Lexcel and the audit of our accounts
- Our bank
- External service suppliers, representatives and agents that we use to make our business more efficient – e.g: legal costs draftsman, typing services, PR/marketing agencies, document collation, couriers like Royal Mail and DHL or analysis suppliers including social media.
- The Legal Aid Agency if you are publicly funded
- Property search companies on conveyancing transactions
- Online ID checking services in order to verify your identity under the Money Laundering Regulations or to meet other regulatory requirements
We only allow our service providers to handle your personal data if we’re satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We will not transfer, store and process the data that we collect from you at a destination outside the European Economic Area (“EEA”) without your express consent.
We may use your personal data to send you updates by email, text message, telephone or post about legal developments that might be of interest to you and/or information about our services, including exclusive offers, promotions or new services or products.
We have a legitimate interest in processing your personal data for promotional purposes. This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We’ll always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
- Contacting us by calling 0345 357 9977
- Using the ‘unsubscribe’ link in emails in any communication we may send you.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
How long will we hold your information?
Where we have acted for you or your information relates to a matter we’ve acted in, we’ll usually keep paper records for 7 years and electronic records for 15 years.
Exceptions to this include property transactions, commercial litigation, wills, clients who are minors or who may lack capacity.
Where we have not acted in a matter we will usually keep electronic and written records for 2 years.
If you have shared any information with us via social media, such as your name, address and details regarding a case, this will only be kept for 2 years.
You have the following rights, which you can exercise free of charge.
The right to be provided with a copy of your personal data
The right to require us to correct any mistakes in your personal data
To be forgotten
The right to require us to delete your personal data – in certain situations
Restriction of processing
The right to require us to restrict processing of your personal data in certain circumstances – e.g: if you contest the accuracy of the data
The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations
- at any time to your personal data being processed for direct marketing (including profiling);
- in certain other situations to our continued processing of your personal data – e.g: processing carried out for the purpose of our legitimate interests.
If you’d like to see the information we hold or enforce any of the other above rights, please contact our DPO.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way.
We limit access to your personal information to those who have a genuine business need to know it.
Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to Complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.
If you have a complaint about how we process your personal data or our compliance with GDPR, you can contact the Information Commissioner’s Office (ICO), who are independent, impartial and have official powers to resolve complaints. Here’s how to get in touch:
Helpline no: 0303 123 1113
In order to provide you with a better user experience, we sometimes place small data files – known as cookies – on a user’s computer or device.
These data files don’t store personal information about you, but merely about the choices you make when navigating our website and are used purely for analytical purposes.
Due to regulations specified by the Solicitors Regulatory Authority we display the SRA’s Digital badge which may set similar Google Analytics cookies. The cookies collect information in a way that does not directly identify anyone
More information about cookies in general can be found here: www.allaboutcookies.org
We use Google Analytics to store information about how visitors use our website, so we can make improvements and provide visitors with a better user experience.
- Google – google.com
- Internet based Advertising
We use Google Analytics and Facebook tracking code to support Advertising features such as remarketing and retargeting to inform, optimise and serve ads based on your past visits to our website or on our adverts.
You can opt out of the Google Analytics Advertising Features you use through Ad Settings, Ad Settings for mobile apps, or any other available means (for example, the NAI’s consumer opt-out). Google Analytics’ opt-outs for the web.
You can opt out of Facebook by adjusting your settings in Facebook.
Examples of cookies set:
- Cookie Name: _utma; Typical content: This cookie is typically written to the browser upon the first visit to your site from that web browser. If the cookie has been deleted by the browser operator, and the browser subsequently visits your site, a new __utma cookie is written with a different unique ID. This cookie is used to determine unique visitors to your site and it is updated with each page view. Additionally, this cookie is provided with a unique ID that Google Analytics uses to ensure both the validity and accessibility of the cookie as an extra security measure.; Expires: 2 years
- Cookie Name: _utmb; Typical content: This cookie is used to establish and continue a user session with your site. When a user views a page on your site, the Google Analytics code attempts to update this cookie. If it doesn’t find the cookie, a new one is written and a new session is established. Each time a user visits a different page on your site, this cookie is updated to expire in 30 minutes, thus continuing a single session for as long as user activity continues within 30-minute intervals
- Cookie Name: _utmc; Typical content: this cookie is operated in conjunction with the __utmb cookie to determine whether or not to establish a new session for the user; Expires as soon as you exit your browser
- Cookie Name: _utmz; Typical content: This cookie stores the type of referral used by the visitor to reach your site, whether via a direct method, a referring link, a website search, or a campaign such as an ad or an email link. It’s used to calculate search engine traffic, ad campaigns and page navigation within your own site. The cookie is updated with each page view to your site and expires after 6 months
General Session Cookie set by our website:
- Name: Asp.net_sessionid; Typical content: randomly generated text that is session based and expires as soon as you close your browser
- An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet. Simpson Millar doesn’t have access to any personal identifiable information and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.
Giving or removing consent using your browser
You are completely in control of cookies stored on your device and can view/delete them at any time using settings in your browser.
Note: Obstructing all cookies could, however, have an adverse impact upon the usability of this website and many others on the internet.