The following information informs you about what we do with your information when you instruct us to provide legal advice or represent you in respect a legal matter.

How we collect and use your personal information

In order to provide you with advice and representation Legal Services must process certain information from you. The processing of your information includes the collection, use, sharing (if appropriate), retention and destruction of your personal information.

Legal Services may collect some, or all, of the following information about you depending upon the nature of the legal matter:

• name and job title
• contact information, including email address and telephone number
• education, training and employment details
• financial details
• business details
• demographic information such as postcode, preferences and interests

Legal Services collects information about you when you contact us or instruct us. Personal data may also be obtained from third parties, such as other legal professionals or experts, members of the public, your family and friends, witnesses, courts and other tribunals, regulators, public records and registers.

Legal Services also collects information from you if you voluntarily complete client surveys and provide feedback.

Personal Information you supply to Legal Services may be used in several ways, for example:

• to contact you to provide the legal advice and support which you request
• to verify your identity
• in keeping records of the work we have done
• to improve the products and services we provide
• for fraud prevention
• if it is required by law

Lawful basis for processing your personal information

The General Data Protection Regulation and the Data Protection Act 2018 (DPA 2018), re-quires data controllers to have a lawful reason for processing personal data. Legal Services has a legitimate interest in using your personal data as a client as it is necessary for us to do so in order to provide legal services to you.

Our lawful reasons for processing include:

• contractual necessity
• consent
• compliance with the law; and
• legitimate interests such as providing legal advice and representation to you as a client, providing legal services to the client from whom or on whose behalf we have collected your personal data, carry out billing and administrative services including fee collection and dealing with complaints or concerns.

In relation to special category person data, our processing is necessary for the establishment, exercise or defence of legal claims.

In relation to offence/convictions personal data, our processing is necessary for the purpose of, or in connection with legal proceedings, obtaining legal advice or exercising legal rights.

Protecting your personal information

The council endeavours to ensure that the services we provide comply with all data protection legislation, for example, the General Data Protection Regulations (GDPR), and the Data Protection Act 2018 (DPA 2018).

Legal Services uses a secure case management system and database to manage files containing personal information. Access to files are restricted to individuals within the Legal Services team who need to access the file.

Legal Services does what it can to make sure we hold records about you (on paper and electronically) in a secure way, and we’ll only make them available to those who have a right to see them.

Sharing your personal information

We use a secure case management system to manage our files, many of which contain personal information.

Sometimes we use external organisations to help deliver services to you, such as Barrister’s Chambers to instruct Counsel. When we have these arrangements we enter into agreements to make sure that the organisation complies with data protection law.

Sometimes we have a legal duty to provide personal information to other organisations. This is often because we need to give that data to the Court/Tribunal staff and Judges to deliver our service to you.

We also need to provide your personal data to our accounts department for the purposes of processing and collecting fees.

On occasion it may be necessary to provide your personal data to the Solicitors Regulation Authority in the event of a dispute

We may need to share your personal data if the Court orders that we provide information to a third party organisation and or to another parties’ legal advisers in the course of conducting litigation.

Retaining your personal information

Most of our personal information is stored on systems in the UK. However, in the course of providing you with advice and representation it may be necessary to transfer information outside of the UK or EU or to obtain information which is stored in a system outside of the EU.

Legal Services have additional protections in place for your information if it leaves the UK ranging from secure ways of transferring data to ensuring we have a robust contract in place with that third party who is receiving the data.

Legal Services will take all practical steps to avoid personal information being sent to a country that is not seen as ‘safe’ either by the UK or EU governments. If we cannot avoid the need to send your information to an ‘unsafe’ location, we’ll always seek advice from the Information Commissioner first on how best to protect your personal information.

Information is held in UK on computer and manual files. Legal Services only retain the information for as long as it is necessary to carry out the work you request or as required to be kept by law. Electronic Files are closed upon the conclusion of the matter and closing file forms reflect the date at which paper and electronic files can be destroyed.

Where information is retained for several years after conclusion of the matter, this is because the information may be needed for potential legal proceedings or regulatory compliance purposes. We include all of these in our file retention schedule.

Automated decision-making / profiling

We do not use your personal information for automated decision making.

Cookies and your individual rights

To learn more about cookies or to learn more about your individual rights, or how to raise a concern, please see our General privacy notice.