- Introduction and Terms
- How to contact us
- Your rights
- Who we are
- What information will Thurstan Hoskin Solicitors collect about me?
- ow will this be used?
- When will you contact me and will this be marketing?
- Will you share my information with anyone else?
- How long will you keep my details?
- Can I delete my details?
- Can I correct or update my details?
- Can I find out what details you hold?
- Track & Trace Data handling
1. Introduction and Terms
2. How to contact us
You can contact us using the following details:
FAO: Privacy Officer, Thurstan Hoskin Solicitors LLP, Chynoweth, Chapel Street, Redruth, Cornwall, TR15 2BY.
Telephone: 01209 213 646 and ask to speak to the Privacy Officer.
3. Your rights
Under the GDPR your rights are:
- The right to be informed – We must make available this privacy notice with the emphasis on transparency over how we process your data.
- The right of access – You are entitled to find out what details we may hold about you and why.
- The right to rectification – We are obliged to correct or update your details.
- The right to erasure – This is also known as the request to be forgotten.
- The right to restrict processing – You have the right to ‘block’ or suppress the processing by us of your personal data.
- The right to data portability – You have the right to obtain and reuse your personal data that you have provided to us.
- The right to object – You have the right to object to us processing your data in relation to direct marketing and or profiling.
- Rights in relation to automated decision making and profiling – We do not use automatic decision making or processing.
4. Who we are
5. What information will Thurstan Hoskin Solicitors LLP collect about me?
We process both Personal and Sensitive (Special) categories of data. Personal data we process may include name, address and email address. It also may include IP address and cookies (Website). Due to the nature of our business we also process Sensitive (Special) categories of data, such as health data, racial or ethnical origin and biometric data (passports for identification and verification purposes as required by law).
Our collection methods are:
- Through our website
- Through engagement of our services
- By communications
- Through engagement of service providers
6. How will this be used?
We use information held about you in the following ways:
- To ensure that content from our site is presented in the most effective manner for you and for your devices;
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes or because we have a “legitimate interest” in doing so. ( A “legitimate interest” may arise, for example, when we may have been given a business card but do not have your express consent, or where we have an existing business to business relationship with you. Where we rely on “legitimate interests” we will record our decision and our method on making this decision. This can be requested by you at any time. )
- To carry out our obligations arising from any contracts entered into between you and us;
- To allow you to participate in interactive features of our service when you choose to do so, e.g. asking a question through our website.
- We also embrace the use of social media and may wish to process any comments made public by you.
- To carry out necessary maintenance to our IT infrastructure.
- And also to notify you about changes to our service.
7. When will you contact me and will this be marketing?
If you were an existing client as at 25th May 2018, and have been receiving information about our legal services (marketing) from us, we will continue to contact you by postal and electronic means (e-mail) with information about our legal services, unless you ask us not to – please contact email@example.com.
If you become a client after 25th May 2018, we will contact you by post or electronic means with information about our legal services, but only if you have consented to this. You can choose to not receive these types of communication by contacting firstname.lastname@example.org.
8. Will you share my information with anyone else?
We will keep your information within the ‘firm’ except where disclosure is required or permitted by law or when we use third party service providers (data processors) to supply and support our services to you. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do so. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Please see the below list of our data processor services.
- IT Provider – C F Systems Ltd – IT Support
- Email Provider
- Secure document disposal service
- Wi-Fi Provider
- Internal HR systems provider
- Secure Waste disposal service
- Storage Facility
- Cleaning service (Offices)
9. How long will you keep my details?
Our data retention policy is dictated by the DPA/GDPR and the requirements of our legal profession regulator, the Solicitors Regulatory Authority (SRA), a copy of which can be requested.
10. Can I delete my details?
Under GDPR you have the right to erasure under specific circumstances; this will be decided on a case by case basis. Please contact us for more information relating to you rights.
11. Can I correct or update my details?
We will correct or update your data without delay provided you make the request in writing specifying which of your data is incorrect or out of date. If you have any concerns regarding this issue please contact us.
12. Can I find out what details you hold?
We strive to be as open as we can be in giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the DPA and the ‘Right of access’ under the GDPR. If we do hold information about you we will respond in writing within one calendar month of your confirmed request.
The information we supply will:
- Confirm that your data is being processed
- Verify the lawfulness and the purpose of the processing
- Confirm the categories of personal data being processed
- Confirm the type of recipient to whom the personal data have been or will be disclosed, and
- Let you have a copy of the information in an intelligible form
To make a request for any personal information please write to us at the address provided in this policy. Please note that you may need to provide identification in order to prove who you are to access your data.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do not hold information about you we will also confirm this in writing at the earliest opportunity.
We keep our privacy notice under regular review and changes may be made to it from time to time. The current version of our privacy notice will be posted on our website so that you are aware of its contents.
You have the right to complain about the processing of your personal information. Please contact us using the details provided above. If you are still dissatisfied you have the right to complain to the Information Commissioners Office: www.ico.org.uk.
15. Track & Trace Data handling
Recording customer details: how we use your information
To support NHS Test and Trace (which is part of the Department for Health and Social Care) in England, we have been mandated by law to collect and keep a limited record of staff, customers and visitors who come onto our premises for the purpose of contact tracing.
By maintaining records of staff, customers and visitors, and sharing these with NHS Test and Trace where requested, we can help to identify people who may have been exposed to the coronavirus.
As a customer/visitor of Thurstan Hoskin Solicitors you will be asked to provide some basic information and contact details. The following information will be collected:
- the names of all customers or visitors, or if it is a group of people, the name of one member of the group
- a contact phone number for each customer or visitor, or for the lead member of a group of people
- date of visit and arrival time
The venue/establishment as the data controllers for the collection of your personal data, will be responsible for compliance with data protection legislation for the period of time it holds the information. When that information is requested by the NHS Test and Trace service, the service would at this point be responsible for compliance with data protection legislation for that period of time.
The NHS Test and Trace service as part of safeguarding your personal data, has in place technical, organisational and administrative security measures to protect your personal information that it receives from the venue/establishment, that it holds from loss, misuse, and unauthorised access, disclosure, alteration and destruction.
In addition, if you only interact with one member of staff during your visit, the name of the assigned staff member will be recorded alongside your information.
NHS Test and Trace have asked us to retain this information for 21 days from the date of your visit, to enable contact tracing to be carried out by NHS Test and Trace during that period. We will only share information with NHS Test and Trace if it is specifically requested by them.
For example, if another customer at the venue reported symptoms and subsequently tested positive, NHS Test and Trace can request the log of customer details for a particular time period (for example, this may be all customers who visited on a particular day or time-band, or over a 2-day period).
We will use contact information held on file for these purposes where possible – please ensure reception have up to date contact telephone numbers for you. Where we cannot obtain the required information from our records, we will ask you to provide the information on arrival to our office
NHS Test and Trace will not disclose this information to any third party unless required to do so by law (for example, as a result of receiving a court order). Details of your visit will be deleted from our Test & Trace datasheet no less than 21 days after / 90 days after your visit. Details of your visit will however remain in other places as per our GDPR regulations.
Your information will always be stored and used in compliance with the relevant data protection legislation.
The use of your information is covered by the General Data Protection Regulations Article 6 (1) (c) – a legal obligation to which we as a venue/establishment are subject to. The legal obligation to which we’re subject, means that we’re mandated by law, by a set of new regulations from the government, to co-operate with the NHS Test and Trace service, in order to help maintain a safe operating environment and to help fight any local outbreak of corona virus.
By law, you have a number of rights as a data subject, such as the right to be informed, the right to access information held about you and the right to rectification of any inaccurate data that we hold about you.
You have the right to request that we erase personal data about you that we hold (although this is not an absolute right).
You have the right to request that we restrict processing of personal data about you that we hold in certain circumstances.
You have the right to object to processing of personal data about you on grounds relating to your particular situation (also again this right is not absolute).
If you are unhappy or wish to complain about how your information is used, you should contact a member of staff in the first instance to resolve your issue.
If you are still not satisfied, you can complain to the Information Commissioner’s Office. Their website address is www.ico.org.uk.
Data protection office – Barbara Archer.
We keep our privacy notice under regular review, and we will make new versions available on our privacy notice page on www.thurstanhoskin.co.uk .