Privacy Notice – GDPR Compliant
Straight Law Ltd T/AS Strictly Law hereafter referred to as Strictly Law values your privacy and cares about the way in which your personal data is treated. This policy describes what personal data we collect about you, how we obtain it, how we use it, on what basis, how long we keep it for, who we share it with, how we protect it, and your rights regarding its control and processing.
Strictly Law is a virtual English Paralegal law firm and ‘personal data’ is defined as any information relating to an individual, whether it relates to their private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, social services records, records of criminal convictions, or a computer’s IP address.
Personal data we collect about you: We may collect personal data from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal services or as a result of your relationship with one or more of our staff and clients.
The personal data that we process includes:
- Basic data, such as your name (including prefix or title), the company you work for, your title or position, and your relationship to a person;
- Contact data, such as your postal address, email address, and phone number;
- Financial data, such as payment-related information;
- Identification and background data provided by you or collected as part of our business acceptance, employment or recruitment processes;
- Technical data, such as data from your visits to our website or in relation to materials and communications we send to you electronically;
- Data you provide to us for the purposes of attending meetings and events, including access and dietary requirements;
- Personal data provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include special categories of data (to include records of criminal convictions); and
- Any other data relating to you which you may provide to us or ask us to obtain on your behalf.
How we obtain your personal data: We collect data from you:
- As part of our business acceptance processes and about you and others as necessary in the course of providing legal services;
- When you provide it to us, or interact with us directly, for instance engaging with our staff or registering on one of our websites;
- When monitoring our technology tools and services, including our websites and email communications sent to and from Strictly Law; and
- We may collect or receive data about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publically available sources.
How we use your personal data: Strictly Law collects and processes personal data about you in a number of ways, including through your use of our websites and in the provision of services by us. We use that data:
- To provide and improve our website, including auditing and monitoring its use;
- To promote our services, including sending legal updates, publications and details of events;
- To manage and administer our relationship with you and our clients;
- To provide and improve our services to you and to our clients, including handling the personal data of others on behalf of our clients;
- To provide data requested by you;
- To fulfil our legal and risk management obligations, including establishing, exercising or defending legal claims; and
- For the purposes of employment and recruitment.
Use of our website: Some facilities on our websites invite you to provide us with personal data, such as our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal data and we only use that data for those purposes.
Marketing and other emails: We do not use your personal data included in emails for marketing purposes and do not pass on your information when you make an enquiry, unless you become a client and with your consent it is necessary in the furtherance of your matter.
Meetings, events and seminars: We will collect and process personal data about you in relation to your attendance at our clinics, appointments, or consultations, hosted by Strictly Law. We may share your data with IT and other service providers or business partners
Legal and other services: We collect, create, hold and use personal data in the course of and in connection with the services we provide to our clients. We will process identification and background data as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks. We will also process personal data provided to us by or on behalf of our clients for the purposes of the work we do for them. The data may be disclosed to third parties to the extent reasonably necessary in connection with that work. Please also see ‘Who we share your personal data with’ below.
On what basis we use your personal data: We use your personal data on the following bases:
- To perform a contract, such as engaging with an individual to provide legal or other services; including legal and general advice and case viability;
- To comply with legal obligations; and
- For legitimate business purposes. This means in the interest of Strictly Law in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Please see ‘How we use your personal data’ for more detail.
How long we keep your personal data: Your personal data will be retained in accordance with our data retention policy that categorises all of the data held by Strictly Law and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the data is collected and used, taking into account legal and regulatory requirements to retain the data for a minimum period, limitation periods for taking legal action, good practice and Strictly Law’s business purposes.
If you purchase legal services from us we will usually retain your personal data for 15 years, starting from when we cease to act for you. After 15 years your personal data is destroyed, unless you have asked us to store your will or other important legal documents for you.
Who we share your personal data with: We may share your personal data with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Suppliers to whom we outsource certain support services such as word processing, photocopying, and translation;
- Our professional advisers and auditors;
- IT service providers to Strictly Law ; and
- Third parties engaged in the course of the services we provide to clients and with their prior consent, such as solicitors and barristers, expert witnesses, medical agencies, costs drafting agencies and technology service providers;
Where necessary, or for the reasons set out in this policy, personal data may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your data to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your data to new Strictly Law entities or to third parties through which the business of Strictly Law will be carried out.
We do not sell, rent or otherwise make personal data commercially available to any third party, except with your prior permission.
How we protect your personal data: We use appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights regarding your personal data: The European Union’s General Data Protection Regulations and other applicable data protection laws provide certain rights for data subjects.
You are entitled to request details of the data we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it amended or deleted, to restrict our processing of that data, to stop unauthorised transfers of your personal data to a third party and, in some circumstances, to have personal data relating to you transferred to another organisation. You may also have the right to make a complaint in relation to our processing of your personal data with the Information Commissioner’s Office.
If you object to the processing of your personal data, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal data’) or that you may not be able to make use of the legal services offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal data to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.
We must ensure that your personal data is accurate and up to date. Therefore, please advise us of any changes to your data as soon as possible.
Enquiries, complaints & requests: Strictly Law Data Protection Officer (‘DPO’) is Molly Jackson. All enquiries, complaints and requests relating to personal data should be directed to the DPO in the first instance, Molly Jackson. The DPO can be contacted at the firm’s offices by telephone (020 3292 1335), by post to The Basement, 122 Fernhead Road, Maida Vale, London W9 3EN, or by email to firstname.lastname@example.org. If you are not satisfied with the way your query is handled, you can contact the ICO direct (see www.ico.org.uk for details). The firm’s ICO registration number is A8224757.
Data controller: The firm’s IT systems are located within the EEA and controlled by Strictly Law. Strictly Law is the data controller in relation to your personal data.
Policy updates: This policy was last updated on 22 May 2018. Any changes to this policy will be notified to you as promptly as possible in accordance with our legal obligations.