About Our Privacy Notice
Making Contact With Us About Privacy & Data Protection
You can contact us regarding issues relating to this Privacy & Data Protection Policy in the following ways:-
By e-mail: email@example.com
By post: The Privacy Officer, Crisp & Co, Fife House, 14-18 Fife Road, Kingston Upon Thames, Surrey KT1 1SZ
By phone: 0208 546 7969 asking for the Privacy Officer
Understanding Your Data Protection & Privacy Rights
The GDPR provides you with the following rights:-
- The right to be informed: We must make available to you this Privacy Notice and provide you with transparency about how we process your data.
- The right of access: You are entitled to know what details we hold about you and why we hold those details.
- The right to rectification: We must correct or update your details
- The right to be forgotten: This is technically called the right to erasure, so that any data we hold is deleted once our need for it has passed.
- The right to restrict processing: You can block or limit the processing by us of your personal data.
- The right to data portability: It is your right to obtain and reuse your personal data that you have provided to us.
- The right to object: It is your right to object to us processing your data for direct marketing or profiling.
- Rights regarding automated decision making and profiling: We do not use automated decision making or processing.
Our Data Controller
For the purpose of the GDPR, the data controller is Crisp & Co of Fife House, 14-18 Fife Road, Kingston Upon Thames, Surrey KT1 1SZ. If you require further information on our privacy and data protection policy you can contact us by e-mail, post or telephone as outlined (above) in the details about making contact.
We have voluntarily appointed a Data Protection Officer (DPO), this is Michele Crisp and she can be contacted at firstname.lastname@example.org or at our Kingston office address listed above.
The Information We Collect About You
We process both personal and sensitive (special) categories of data for the purposes of the GDPR. The personal data we process will include your name, address and e-mail address. It may also include your IP address and cookies (website). In addition because of the nature of our business, we also process sensitive (special) categories of data for example health and financial data as well as racial or ethical and biometric data (typically from passports for identification and verification purposes which we are required to collect by law).
The methods we use to collect your data are as follows:-
- Through our website
- Through your engagement of our professional services
- Through communications (written and verbal)
- Through our engagement of service providers ( for example barristers)
How We Use Your Information
We use the information we hold about you in the following purposes:-
- To enable you to participate in interactive features of our service when you chose to do so, typically when raising enquires through our website.
- To fulfil our obligations to you arising from the contract (your retainer) between yourself and us.
- To ensure the content from our website is presented for optimal use by you on your devices.
- To carry out necessary maintenance to our IT infrastructure.
- To notify you of changes to our service.
Our Use of Your Data for Marketing
We do not use direct marketing however should we ever contact you to tell you about our services we will do so electronically and only with your prior express consent in compliance with the GDPR.
How We Share Your Information Data
Your information data is kept only within Crisp & Co except where disclosure is required or permitted by law or when we use 3rd party service providers (data processors) to supply and support our service to you. We have contracts and confidentiality agreements in place with all our data processors to ensure that they cannot do anything with your personal data without our express authority. These data processors will not share your personal information with any organisation apart from us and will retain it securely for such period of time as we instruct.
The services of data processors we use are listed below:-
- IT Provider: Cloud Service & IT Support
- E-mail Provider
- E-mail Encryption Provider: Cloud Service
- Cashiering and Account Support: Cloud Service
- Digital Telephone and Broadband : Cloud Service
- Wifi Provider
- HR Systems Provider: Cloud Service
- Website Provider: Cloud Service
- Digital Dictation Service: Cloud Service
- Client Feedback Collection: Cloud Service
- Secure Document Disposal Service
- Secure Storage Facility
- Serviced Office Providers for booking purposes only
- Out of hours call answering
- Marketing delivery service
- Cleaning Services (on site Offices)
How Long We Keep Your Personal Data
Our data retention policy is governed by the DPA & GDPR and by our professional regulatory body The Solicitors Regulatory Authority (SRA) details of which you can request.
Asking Us to Delete Your Personal Details
The terms of the GDPR provide that you have the right to erasure of your personal data under specific circumstances. We will consider each such request on an individual basis. Please contact our data controller for more information.
Updating or Correcting Your Personal Data
We will correct or update your personal data as soon as possible following a written request from you detailing the information that requires amendment; again please contact our data controller in regard to this issue.
Finding Out About the Personal Data We Have About You
We endeavour to be as open and transparent as possible in providing people with access to their personal information. All individuals are entitled to find out if we hold any personal information by making a ‘subject access request’ under the DPA and the ‘right of access’ under the GDPR.
If we hold personal data about you, we will respond in writing within one calendar month once your request has been acknowledged. The information we will supply you with is as follows:-
- Confirmation that your data is being processed;
- Verification of the lawfulness and purpose of the processing;
- Confirmation of the categories of personal data we are processing
- Confirmation of the type of recipient to whom the data has been or will be disclosed;
- We will ensure that all the information above is provided to you in an easily understandable form.
If you make a request for personal information please write to our data controller by e-mail on email@example.com or to our Fife Road, Kingston office (details on page 1). Please note that we may need to verify your identity to prove who you are before allowing access to the data.
We are happy to deal with access requests informally, for example over the telephone, where possible and if you wish.
If we do not hold information on you, we will confirm this is the case.
Changes to This Notice
We keep this Privacy Notice under continuing review and so from time to time changes to it may be made. The up to date version of this Notice is posted on our website so that you always have access to its content.
Making a Complaint About Our Handling of Your Personal Details
You have the right to complain about how we are or have handled your personal information. In the first instance please contact our data controller on firstname.lastname@example.org and we will endeavour to resolve any issues with you directly. If you remain dissatisfied you have the right to raise your complaint with the Information Commissioners Office who can be contacted :-
By e-mail using weblink: https://ico.org.uk/concerns/
By phone: 0303 123 1113 (local rate)
By post: Information Commissioner's Office
Cheshire SK9 5AF