Your privacy is very important to us and we suggest that you read this policy carefully as it contains important information as to your personal data, how we collect it, what we collect, how it is used, who it is shared with and how it is stored.
This policy also contains details about how we use your data to comply with General Data Protection Regulation (GDPR) and that we are responsible for that data as “Controller”. The use of your personal data is subject to your instructions, GDPR and other regulations of which we are subject to comply with as well as our duty of confidentiality to you.
Use of our Website
You can access and use our website without giving us any of your personal data. If you choose to provide us with your personal information to contact us then by providing this information you consent to our use of the information as set out in this privacy policy.
Cookies
When using our website we confirm we will not collect personal data on you unless you provide this to us. We have cookies in place to anonymously track and record visitor information to our website only.
What data we collect
If you instruct us to act on your behalf in a conveyancing transaction then we will need to collect data from you.
The data that we collect will be, but not limited to, your name, address, contact details, national insurance number, financial position such as your source of funds to be able to purchase a property, your occupation and date of birth.
How and why we collect this data
Under GDPR we can only collect the information that we require from you if we have a legitimate reason for doing so.
We collect the data required from publicly accessible sources such as Companies House or HM Land Registry or directly from third parties likes sanctions screening and client due diligence providers. We may also collect your data from a third party with your consent and your consent for this is given by you returning the signed client care letter at the beginning of your transaction. If you do not provide us with your signed client care letter this may cause unnecessary delays in your transaction and in us providing our service to you.
Third parties that we may collect your data from include your bank or building society or other financial institutions.
We may also collect your data from our case management system, technical systems such as our computer network and connections as well as email and other messaging mediums.
How we use your data
As explained above, we only collect information that we require and it is collected for us to be able to comply with regulatory and legal obligations as well as for the performance of our contract with you or to take steps at your request before entering into a contract.
Who we share your data with
We will, during the course of our day to day business in providing our service to you, share your data with third parties where necessary to carry out your instructions e.g. your mortgage advisor, mortgage lender, HM Land Registry, HM Revenue and Customs and Companies House. We may also share your data with external auditors and online anti-money laundering service providers.
We will only allow our service providers to handle your data if we are satisfied they take appropriate measures to protect your personal data.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Where your data will be stored and for how long
We will store your data in the office as well as in a secure off-site location with a third party.
Your file and personal data will only be kept for the maximum amount of time required by us in order to deal with any questions or complaint your may have and by any questions or queries that any regulatory body such as HM Revenue and Customs may have. Your data on our file will be stored for a maximum of 16 years.
At the end of the 16-year retention period, your file will then be destroyed securely by a third-party company.
Keeping your data secure
We have measures in place to ensure your personal data is secure and stored securely and is not accidently lost or used or accessed unlawfully. We will limit access of your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data breach and we will notify you and any applicable regulator of a suspected data breach where we are legally required to do so.
Your Rights
You have the following rights under GDPR as follows:
- Access – you have the right to be provided with a copy of your personal data
- Rectification – you have the right to require us to correct any mistakes in your personal data
- To be forgotten – you have the right to require us to delete your personal data – in certain circumstances only
- Restriction of processing – you have the right to require us to restrict processing of your personal data – in certain circumstances
- Data portability – you have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain circumstances.
- To object – you have the right to object at certain times to your personal data being processed for the purpose of our legitimate interests.
- Not to be subject to automated individual decision-making – you have the right not to be subject to decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
How to complain and our contact details
Hill Johnson & Leo are committed to high quality legal advice and client care. If you are unhappy about any aspect of the service that you have received, please contact the Partner in charge of your case on 020 8390 0185 or by post to our office address of 59 Victoria Road, Surbiton, Surrey KT6 4NQ.
We have a procedure in place which details how we handle complaints which is available upon request. If you are not satisfied with our handling of your complaint you can ask the Legal Ombudsman on 0300 555 0333 or enquiries@legalombudsman.org.uk to consider the complaint further.
In most cases you will need to bring a complaint to the Legal Ombudsman within 6 months of receiving a final written response from Hill Johnson & Leo about your complaint.
If you have a particular complaint about your personal data and how it is being used, stored or shared by us then you have the right to complain to the Information Commissioners Office (ICO). They can be contacted at https://ico.org.uk/.