Introduction

Aughton Ainsworth (“We”) is a law firm which provides legal advice and assistance to its clients. Aughton Ainsworth is a trading name of Aughton Ainsworth Limited a company registered in England and Wales (Company no. 9141591). The Company is authorised and regulated by the Solicitors Regulation Authority (SRA No. 615324) and is regulated as a Multi
National Practice by the Law Society of Scotland (reg. no. 50365).

Scope

This policy (together with our Terms of Business and Cookie Policy) sets out Aughton Ainsworth’s commitment to ensuring that any personal data which is processed is carried out in compliance with data protection law. This includes the processing of personal data of our staff and clients. The policy applies to all the personal data we process. All Aughton
Ainsworth’s staff are expected to comply with this policy.

‘Data Protection Law’ includes the General Data Protection Regulation 2016/679 (GDPR); the UK Data Protection Act 2018 and all relevant EU and UK data protection legislation.

Why we process personal data?

The reason we process personal data is to enable us to carry out the necessary administration required to provide the services requested by our clients, to comply with our legal obligations and for the purpose of administering our business. We also process personal data to comply with our obligations under contracts we hold with our employees, clients and suppliers.

What information do we collect?

We will require basic information which identifies you as an individual (“Personal data”). The following are examples of the type of information we will require:

  • Name, address, email address and phone number
  • Passport or Driving Licence information for identification purposes
  • National Insurance Number
  • Information relevant to fulfilling our legal services on an individual’s or organisation’s behalf including financial details and bank statements
  • Funding information where appropriate (this may include the personal details of family and friends and/or other third parties involved with providing funds, particularly for conveyancing purposes)
  • Credit Card Information : We use this information for payment and fraud prevention only.

The lawful basis we rely on for processing any personal data is to comply with our legal obligations, legitimate purposes and to comply with our obligations under contracts we hold.

This enables us to provide services as instructed by our clients, to manage our employees and to ensure the proper administration of our business.

When will we need to disclose personal data to others?

We may need to disclose personal data to certain selected third parties including:

  • Consultants who are engaged by Aughton Ainsworth to deliver services directly to its clients. We may engage these people, and they may need to process personal data on our behalf, in order to perform any contract we have and also to ensure the proper administration of our business.
  • Our suppliers and sub-contractors for the purpose of providing any services to the client. In particular, we use third party companies to process personal data in relation to the following:
    a) to provide our case management systems for us
    b) to carry out our identity and credit verification checks,
    c) to obtain legal support services (including the processing of information by the courts service, barristers, accountants and experts).
    d) to carry out confidential information destruction and deletion services
    e) for our data storage services
    f) for IT and communication facilities
    g) for document production services
    h) for banking services
    i) to manage legal filings and registrations
    j) for legal search services
    k) for any other service which we deem necessary to comply with our legal and regulatory obligations
    l) for employee administration purposes in order to properly manage our business.

None of the parties referred to above are permitted to use personal data for any other purpose than for which it is lawfully required.

How long will we keep your personal data?

We usually keep documents, which include personal data, for a minimum of 6 years unless we expressly state otherwise in writing. In such cases, we will determine the period for which we need to retain your data, acting reasonably, and taking into consideration a number of factors such as your relationship with us, your engagement with us and the fulfilment of
contracts we have with you.

We may need to retain personal data where this is necessary to comply with our legal or regulatory obligations.

Where do we store your personal data?

We will always try to ensure that your personal data is processed within the European Economic Area.

In circumstances where it is necessary for us to transfer your personal data outside the European Economic Area, we will only transfer such personal data to third parties where we have carried out due diligence on such parties to ensure they will protect your personal data using similar standards and safeguards as Aughton Ainsworth.

We will do our best to protect personal data, and will maintain appropriate technical, physical and organisational measures to protect all the personal data we store. Documents are not ordinarily kept in a store room. We cannot guarantee the security of data transmitted to us as this is transmitted at the risk of the sender. However, on receipt of personal information, we will use procedures and security features to try to prevent unauthorised access.

Your rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • Subject Access : the right to request a copy of the personal data which we hold about you. Please note that any request may be subject to a reasonable fee if your request for access is clearly unfounded or excessive.
  • Rectification : the right to request that we correct any personal data if it is found to be inaccurate or out of date
  • Erasure : the right to request your personal data is erased where it is no longer necessary for us to retain such data, unless we have a lawful reason to do otherwise.
  • Objection to processing : the right to object to the processing at any time relying on the legitimate interests processing condition unless we can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject
    or for the establishment, exercise or defence of legal claims.
  • Data Portability : the right to request that we provide you with your personal data and where, possible, to transmit that data directly to another data controller or data processor.
  • Restriction of processing : the right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
  • The right to lodge a complaint with the Information Commissioners Office (ICO)

Data protection principles

Aughton Ainsworth complies with the data protection principles set out below. When processing personal data, it ensures that:

  • it is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
  • it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
  • it is all adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimisation’)
  • it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay (‘accuracy’)
  • it is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
  • it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

Our Website

We use a third party to assist us with the maintenance of our website. However, we confirm that we are responsible for the use of any personal data (ie. contact details). Should you choose to send an enquiry to us via our website or use our website, you consent to the collection and use of your personal information. Further information about how our website
uses cookies, can be found in our Cookie Policy via www.aughtonainsworth.com.

Any questions/complaints?

If you have any concerns, comments or wish to exercise any of your rights under the GDPR, please contact us using the following details:

Data Protection Officer
2 Merchants Quay
Salford Quays
Manchester
M50 3XR
Tel: +44 (0) 0161 877 8555
Fax: +44 (0) 0161 877 8557
Email: info@aughtonainsworth.com

We aim to respond to any complaint in 30 days. Our Data Protection Officer will manage your complaint.

You have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website (www.ico.org.uk)

Monitoring and review

This policy was last updated on 25 May 2018 and shall be regularly monitored and reviewed, at least every two years.