Data Privacy Notice
Please read the Notice carefully as it contains important information about who, how, and why we will collect, store, use and share your personal information. The Notice also details your rights in relation to your personal information and how to contact us and our supervisory authority in the event of a complaint.
1 DEFINED TERMS
“the Company” means Forever Legal Limited (T/A Forever Legal) and any successor practice and any service company owned or controlled by or on behalf of the Company or any of the Directors;
“Data Controller” Forever Legal will act as a ‘data controller’. That means we are responsible for determining the purposes and means of the processing of Personal Data;
“Data Protection Legislation” means (i) the (UK) General Data Protection Regulations and (ii) the Data Protection Act 2018 and (iii) any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (iv) any successor legislation to the GDPR or the Data Protection Act 2018 ;
“Engagement Letter” means, in relation to any Matter, the letter (or other agreement) recording the basis of our engagement;
“performance of a contract” means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
“Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
“Special Category Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation;
“Matter” means any specific transaction, dispute or issue in relation to which you ask us to provide Services whether or not it has been defined in an Engagement Letter or other agreement;
“Services” means all services we provide to you in relation to the relevant Matter;
“we”, “us”, “our” and “Forever Legal” means or refers to the Company;
“you” includes the addressee of the relevant Engagement Letter and any other person identified in the Engagement Letter as our client and “Your” shall have a cognate meaning.
2.1 Forever Legal Limited is an independent law firm authorised and regulated by the Solicitors Regulation Authority, SRA No. 658603, and is a company registered in England & Wales, Company No. 11771782. Our registered office is at Lindley Court, Scott Drive, Altrincham, Cheshire,WA15 8AB.
2.2 This privacy Notice together with our Terms of Business describe how the Company will collect and use personal information about you whilst providing you with Services in accordance with the means (i) the (UK) General Data Protection Regulations and (ii) the Data Protection Act 2018 and (iii) any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (iv) any successor legislation to the GDPR or the Data Protection Act 2018 ;
2.3 A current version of this document is available on the Company website.
3 POLICY STATEMENT
3.1 Forever Legal will act as a Data Controller. That means the Company is responsible for determining the purposes and means of the processing of your Personal Data.
3.2 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
3.3 Special Category Personal Data is more sensitive Personal Data which require a higher level of protection.
3.4 Forever Legal is committed to ensuring that all Personal Data will be processed in accordance with data protection law at all times.
3.5 In accordance with the Data Protection principles, the personal information held about you will be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that the Company has clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
3.6 It is important that the personal information we hold about you is accurate. Please keep us informed if your personal information changes during your working relationship with us.
3.7 We will only take instructions from you or any person that you have authorised in writing.
4.1 The Company will collect, store, and use the following categories of personal information about you:
- Full name and personal details (including ID, title, passport number, NI number, job title and date of birth). Contact information (including address and address history, email address, home and mobile telephone numbers). Financial details (including bank account details, bank statements to evidence funding, tax status information for fraud prevention purposes and payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information collected from publicly available resources and credit agencies.
- Family and lifestyle circumstances if relevant to the Matter (including marital status, details of family members, planned holiday dates, understanding of English and family connections with politically exposed persons).
- Information about your use of our IT, communication and other systems and monitoring information.
- Details of your visits to our offices and CCTV footage.
- Information collected from your use of our websites such as profile data (including name, email address and contact details, details of the services or updates you request and marketing preferences) usage data (including details of the services you viewed or searched for, page response times, download errors, length of visits and page interaction information) and technical data (including internet protocol address, browser type and version, time zone setting, browser plug in types operating systems and platforms).
4.2 In accordance with the type of Service being provided, the Company may collect, store, and use the following categories of personal information about you together with any other documents or information relevant to your Matter:
- Wills and Lasting Powers of Attorney
Information set out in wills and trust deeds, information provided regarding registration with HMRC’s Trusts Registration Service, information provided during administration including death certificates, details of funeral directors, ID, pension arrangements, details of any letter of wishes and contact details of beneficiaries and executors.
- Residential Property
Related transactions, property occupants and utility bills
- We may also collect, store and use (subject to paragraph 5 below) the following Special Data:
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions.
- Information about your health, including any medical condition, health and sickness records.
- Information about criminal convictions and offences.
5 SPECIAL CATEGORY PERSONAL DATA
5.1 Special Category Personal Data is Personal Data referring to particularly sensitive personal information and requires higher levels of protection and further justification for collecting, storing and using this type of personal information.
5.2 We may process Special Category Personal Data in the following circumstances:
- With your explicit written consent.
- Where we need to carry out our legal obligations or exercise rights in connection with employment.
- We may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
5.3 Where seeking consent, we will ensure that consent is freely given, specific, informed and an unambiguous indication of your wishes, statement or clear action showing agreement to the processing of their Personal Data.
5.4 The Company will not require your consent to use Special Category Personal Data in accordance with this Notice to carry out our legal obligations or exercise specific rights. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
6 HOW YOUR PERSONAL INFORMATION IS COLLECTED AND USED
6.1 The Company will collect personal information about you whilst we are performing Services in relation to your Matter.
6.2 Information will be collected in a number of ways including:
- Directly from you.
- During the course of dealings with you for or on behalf of our clients.
- When you provide information to us by filling in forms on our web site.
- When you contact us, we may monitor and keep a record of that correspondence (in whatever form).
- When we collect publicly available information about you or your business (including through electronic data sources such as bankruptcy search providers, credit reference agencies, Companies House or HM Land Registry).
- When we collect your Personal Data directly from third parties. For example our clients (such as information about their employees, family members, counterparties, your advisors and your suppliers) or trustees and legal representatives regarding beneficiaries or other parties involved in legal proceedings (such as the opponent’s solicitor).
- Government agencies.
- From third parties where you have given permission to those third parties to share your information with us (such as bank or building society, financial advisors, consultants and other professionals).
- Where you have made that information publicly available online.
- As you interact with our website, we may collect data about your equipment, browsing actions and patterns using cookies and other similar technologies when visiting our website, registering to receive email updates, booking a seminar or workshop, responding to a survey or using any other service on our website.
6.3 When you provide Personal Data to us relating to any third party, you confirm that you have any necessary consents or authority to do so. You are also responsible for ensuring that that provision of Personal Data complies with data protection and other applicable law. You must have the authority to disclose Personal Data if it related to someone else and all data disclosed should be complete, accurate and up to date.
6.4 We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where the Company must perform the contract we have entered into with you to provide Services in accordance with your instructions.
- Where the Company must comply with a legal obligation.
- Where it is necessary for the Company’s legitimate interests (or those of a third party) for business or commercial reasons and your interests and fundamental rights do not override those interests. We make sure that we consider and balance any potential impact upon you before processing your data.
- Where you have given explicit consent to do so.
6.5 The Company could also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest or for official purposes.
6.6 Regarding the lawful basis for our processing, most commonly we will rely on the performance of a contract with you, or alternatively that the processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, or that the processing is necessary to comply with a legal obligation. Generally we do not rely on consent as a legal basis for processing personal data other than to send marketing communications.
6.7 The Company may in the following situations require the listed categories of personal information to allow us to perform our contract with you:
- To contact you in the course of providing you with our Services.
- To assess whether we can act on your behalf and assist you with your Matter, to determine the terms of engagement, to take steps to enter into a contract, to manage and administer the contract, to provide you with our Services and to ensure that our records are kept updated.
- Updating and maintaining client records.
- To deal with your enquiries and request.
- To provide you with any information or Services that you request from us.
- If we are working on your Matter with other professionals including banks, mortgage lenders, estate agents, financial advisors etc. we will share data and disclose relevant data and information regarding your Matter where necessary. If you do not wish for us to do so, please notify your file handler in writing.
6.8 The Company may in the following situations require the listed categories of personal information to allow us to comply with our legal obligations:
- To comply with our legal and professional responsibilities and related disclosures, for activities relating to the prevention, detection and investigation of crime and comply with audits of regulatory bodies (such as conducting checks to identify and verify clients and their identity).
- To comply with court orders and exercises and/or defend our legal rights.
- Collecting and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.
- To ensure safe work practices including the rights and safety of our employees and clients.
6.9 The Company may in the following situations require the listed categories of personal information where it is necessary for the Company’s legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests:
- For monitoring and assessing compliance with our business policies and standards for internal compliance and security purposes.
- For insurance purposes.
- Staff education, training and development requirements and to analyse and improve our Services to you.
- Improving our business and Services by conducting analysis and research including data in relation to our financial performance, client base, work type or efficiency measures.
- To send client feedback forms to ensure that we continually monitor and improve our Services.
- To comply with court orders and exercises and/or defend our legal rights.
- To enable access to all parts of our website, to notify you of any changes or developments to our website and to use, analyse information to administer, support, improve and develop our website (including troubleshooting, testing, system maintenance and support).
6.10 The Company may in the following situations process your Personal Data with your express consent:
- To contact you to provide information about our Services, and to advise you of news and industry updates, events, promotions, reports and other information, and to carry out market research that we hope will be of interest to you.
6.11 The Company may in the following situations process Special Category Personal Data:
- When you instruct us on a Matter where this information is relevant such as a discrimination claim.
- Where this information is required to answer security questions such as Companies House when incorporating a company on your behalf.
- If you provide medical or dietary information when attending a meeting or event.
6.12 In relation to marketing- related communication, we will only provide you with such information after you have positively opted in by providing your express consent. If you later change your mind, you will have the opportunity to withdraw your consent and opt out at any time by emailing the person dealing with your Matter. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
6.13 Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
6.14 If you fail to provide the Company with personal information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our staff).
7 WEBSITE LINKS
8.1 Cookies are small data files which are stored on your computer or device when you visit a website containing information about the user. Cookies enable the website to remember information about you and your preferences.
9 CHANGE OF PURPOSE
9.1 We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
9.2 Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
10 AUTOMATED DECISION MAKING
10.1 Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. The Company can use automated decision-making in the following circumstances:
- Where it is necessary to enter or perform a contract with you and appropriate measures are in place to safeguard your rights.
- Where the Company must comply with laws and appropriate measures are in place to safeguard your rights.
- With your explicit written consent and where appropriate measures are in place to safeguard your rights.
10.2 The Company does not expect to make any decisions about you using automated means; however, we will notify you if this position changes.
11 SHARING YOUR DATA
11.1 The Company will only transfer Personal Data where required by law, where it is necessary for the performance of our contract with you or where we have a legitimate reason for doing so. This could include sharing data with the following:
- Solicitor Regulation Authority who is our regulatory body.
- Our assessors to maintain a recognised quality standard for the practice.
- ISO assessment body, to maintain a recognised quality standard and information security standard for the practice.
- External auditors or examiners to ensure that we meet out legal, quality and financial management standards.
- Courts, law enforcement authorities, regulators or other parties where necessary for the establishment, exercise of defence of legal proceedings.
- The Company’s professional indemnity insurer.
- The Company’s bank and financial advisor.
- Third party solicitors.
- Professional advisers who we instruct on your behalf or refer to you including barristers, medical professionals, accountants, tax advisors, mediators or other experts and specialists.
- Other parties where necessary to carry out your instructions such as HM Land Registry and Companies House.
- Companies providing services for ID checks, money laundering checks and other fraud and crime prevention purposes.
- If we have collected your data in the course of providing a legal service to our client, we may disclose it to that client and where permitted by law to others for the purpose of providing those legal services.
- Third party service providers including beneficiary tracing agencies and actuaries.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
11.2 The Company may have to share your data with third parties, including third-party service providers where we have instructed them to process Personal Data on our behalf.
11.3 All third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We remain responsible for your Personal Data and will use appropriate safeguards to ensure the integrity and security of your Personal Data. We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
12 INTERNATIONAL TRANSFERS
In order to deliver services to you it is sometimes necessary for us to transfer your Personal Data outside the European Economic Area (EEA), for example:
- if you or we have service providers located outside the EEA;
- if you are based outside the EEA;
- where there is an international dimension to the Matter on which we are advising you.
In such circumstances, it may be necessary to transfer the personal information we collect to countries outside of the EEA which do not provide the same level of data protection as the country in which you reside and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information, such as European Commission approved standard contractual clauses.
In certain circumstances we may need to ask your consent unless there is an overriding legal need to transfer the Personal Data.
When we transfer your information to other countries, we will use, share and safeguard that information as described in this Notice.
13 DATA SECURITY
13.1 The Company has put in place appropriate security measures against unlawful or unauthorised processing of Personal Data, and against the accidental loss of, or damage to, Personal Data.
13.2 In the unlikely event of a data security breach such as data being lost or shared inappropriately, we have procedures in place take appropriate action immediately to minimise any associated risk. We will notify you and any applicable regulator of a suspected data security breach if we are legally required to do so.
14 DATA RETENTION
14.1 The Company will retain your Personal Data held in your file for a period of time depending on the nature of your Matter and/or the purpose for which it was collected. When determining this period, we will consider fulfilling the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and where required, for the establishment, exercise or defence of legal claims.
- Property Sale 6 years
- Property Purchase 15 years
- Equity Release / re mortgage 6 years
Wills and Probate files – 6 years from the end of the administration of the estate of a deceased person or 6 years from the end of the administration of the estate of the deceased’s surviving spouse where applicable.
Original wills and lasting Powers of Attorney – 100 years
14.2 Following this period of time, your physical and electronic files shall be securely and safely destroyed.
15 DATA RIGHTS
15.1 The Company will process your Personal Data in accordance with your rights including the following:
- Right of access. You have the right to access your Personal Data, in order to be aware of, and verify, the lawfulness of processing. There are exceptions to this right and access could be denied. This information shall be provided without charge. However, the Data Protection Officer has discretion to charge a reasonable fee based upon the administrative cost where the request is unfounded, excessive or repetitive. We may need information from you to help us confirm your identity to ensure that personal information is not disclosed to any person who has no right to receive it.
- Right to rectification. You have the right for your Personal Data to be rectified if it is inaccurate or incomplete. If this data has been shared with third parties, we will inform them of the rectification. Please ensure that you inform us if your Personal Data is not accurate or changes so we may endeavour to keep this up to date.
- Right to erasure. You have the right to ask the Company to delete personal information where it is no longer necessary for the purpose it was collected or where you withdraw consent. If the data has been shared with third parties, we will inform them of the erasure. We may not always be able to comply with your request for erasure and may have to refuse to erase your Personal Data to the extent processing is necessary for compliance with a legal obligation to which we are subject. Primary instances of your data in our electronic systems will be erased as swiftly as possible. Personal data in backup archives are protected by strong encryption and retained for as little time as necessary before being automatically deleted. Personal data may remain in our backup archives if it is impractical to isolate your individual data. Please be assured that after your right to erasure has been exercised, your Personal Data will not be restored back to production systems except in certain rare instances such as the need to recover from a natural disaster or serious security breach. If this rare instance was to occur and your Personal Data was restored from backups, we will take the necessary steps to erase the primary instance of the data again.
- Right to restrict processing. You have the right to ask the Company to suspend processing your Personal Data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it..
- Right to data portability. You have the right to obtain your Personal Data from the Company to transfer to a third party. Upon receiving your instruction, we will send the data to you or the third party in a commonly used and machine readable format within one month of the request.
- Right to object. In certain circumstances, you have the right to object to the processing of your Personal Data and you may ask us to block, erase or restrict your Personal Data on grounds relating to your situation and we will stop immediately unless we demonstrate legitimate grounds for the processing.
- Right to withdraw consent. Where we are relying on your consent to the processing of your Personal Data, you have the right to partly or fully withdraw your consent. To do so, please contact your file handler or the DPO whose contact details can be found below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purposes to which you originally consented unless (other than in relation to marketing) there are compelling legitimate grounds for further processing which override your interests, freedoms or for the establishment, exercise or defence of legal claims.
15.2 If you wish to enforce any of the rights listed above, please contact the person dealing with your Matter in writing. Alternatively, you are able to email or write to our Data Protection Officer directly.
15.3 We will require information to identify you and will request proof of your identity.
16 PRIVACY MANAGER
16.1 Stephen Dicks is the appointed Privacy Manager and can be contacted at Lindley Court, Scott Drive, Altrincham, Cheshire,WA15 8AB.
16.2 You may make a complaint at any time to our Privacy Manager who we hope will be able to resolve any query or concern that you may have.
16.3 You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. The ICO can be contacted at www.ico.org.uk/concerns/ or 0303 1231113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Please do not hesitate to contact us should you have any queries regarding this Notice or the Personal Data we hold about you.
Please let us know on the contact details above if you would like this notice in another format.