We at Keogh Caisley, take seriously our responsibility to protect and respect your privacy and to ensure that your data is managed securely and sensitively.
Data Protection Principles
We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
Keogh Caisley is a Limited Company registered in England and Wales, Company Registration number 08131422 registered address 11 Lime Hill Road, Tunbridge Wells, Kent TN1 1LJ
Keogh Caisley is authorised and regulated by the Solicitors Regulation Authority SRA ID number 612638
Keogh Caisley is a data controller and is responsible for any personal data you supply us
The Data we collect about you is, but is not limited to:
Your name, address, email address and telephone number
Identity documents and date of birth
Information relating to the matter you are seeking advice on or representation by us
Your National Insurance Number
Your bank account details
We collect these personal details to enable us to provide our services to you. It is important that the details we hold about you are accurate and it is important that if any of your personal data changes during your relationship with us that you inform us.
How we collect your personal data
We collect most of the information from you directly, when taking initial instructions and during the course of your matter. We will also use third parties, to confirm your identity and comply with our legal and regulatory obligations. We may also use publicly accessible information, for example from Land Registry and Companies House.
We will ask for your consent to contact other third parties for example:-
• Your bank, building society or other financial institutions
• Consultants and other professionals engaged in relation to you matter
How will we use the information about you
We will only use your personal data when the law allows us to, most commonly, we will use your personal data where we need to perform the contract to provide legal services we are about to or have entered into with you.
We will never use your personal data to send you marketing or unsolicited promotional communications or share your data with any third party without your consent.
Who will have access to my personal information
Employees of the Firm may be given access to your personal data for the purposes of providing legal services, money laundering and billing. Their use is always limited to the performance of their duties as employees and all employees have received GDPR training. No employees are permitted to access information that is not relevant to their duties and are required to keep all information confidential.
The Solicitors Regulation Authority require us to have our client account audited annually and where matters are randomly selected for audit. The auditor will see your personal details if your matter is selected for audit. The auditor is subject to a confidentiality agreement and will not pass on your details, unless there has been an error by us or fraud is suspected.
Where your data is stored?
Your information is stored on our computer network and cloud based case management system and backed up to ‘The Cloud’. All data is encrypted via HTTPS using Transport Layer Security (TLS). TLS is a cryptographic protocol designed to protect information transmitted over the internet, against eavesdropping, tampering, and message forgery. The data is then stored on servers in Dublin, London, Manchester and Leeds, encrypted using AES-256 military grade encryption.
None of our external third parties to whom we transfer your personal data are based outside the EEA (European Economic Area). If this changes we will contact you first, to obtain your consent.
We only retain your personal data for as long as it is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. Depending on the nature of your matter, the retention policy varies from six years to twelve years and for Private Client work e.g. wills and probate, indefinitely. Please check with the solicitor acting for you the period of retention.
If you contact us to discuss a matter or to obtain a quote, but do not then formally instruct us, we will destroy your data after ninety days.
What are your rights?
Under certain circumstances, by law you have the right to:
Request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Right of erasure/right to be forgotten You have the right to request the erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example, if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.