DKLM LLP company number OC305165 is authorised and regulated by the Solicitors Regulation Authority under ID number 389794. Your privacy is important to us. This Privacy Notice explains what personal information we collect from you and how we use it, the conditions under which we may disclose it to others and how we keep it secure. It will also inform you about your privacy rights under the law and how we protect your personal information.
We are registered with the Information Commissioner’s Office under registration number Z8723787. Unless it is necessary, or we are legally obliged to do so, we will not disclose your personal details to any third parties
When we do need to disclose your personal information, we will do so in accordance with the UK General Data Protection Regulations (GDPR).
Please ensure that you read this Notice together with our general Terms and Conditions of Business which provide further information.
Controller and Processor
This Notice aims to provide you with information on how we collect and process your personal information. Where the term ‘we’, ‘us’ or ‘our’ is used we are referring to the relevant company responsible for processing your personal information. We are both the ‘Controller’ and ‘Processor’ of the personal information you provide to us. Your personal information will be securely stored confidentially on our computer systems and/or in paper files.
Our full details are:
Full Name: DKLM LLP, City House, 3 Cranwood Street, London EC1V 9PE
Telephone: 0207 549 7888, Fax: 0207 549 7889
Our designated Data Protection Officer is Adam Keeble and he can be contacted as above.
Failure to Provide Personal Information
Where under the law or as a regulatory obligation or pursuant to an agreement we have with you, we are obliged to collect personal information and if you fail to provide that information when requested, we may not be able to perform the agreement we have or are trying to enter into with you. In such cases we may be obliged to decline your instructions or cancel the agreement we have with you, but we will notify you if this is the case at the time.
It is your responsibility to ensure that the personal information you provide is and at all times remains correct.
What We Need From You
Under GDPR, personal information is defined as ‘any information relating to an identified or identifiable natural person’. An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
The type of information we require will vary depending on the nature of your instructions and the work you wish us to do. There are two categories of information that you may need to provide us with:
Personal Information: This is general information that you supply about yourself – including your name, address, gender, date of birth and contact details.
Sensitive Personal Information: If your matter relates to establishing, exercising or defending a legal claim we are permitted to process this type of information. This may include racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, information concerning health or sex life and sexual orientation, genetic information or biometric information. If we require sensitive personal information for any other purpose, we will seek your prior consent.
Sources of Personal Information
We may also obtain personal information about you from other sources during our instruction e.g. banks and building societies, medical or financial institutions, employers and other relevant organisations/third parties.
Why We Need this Information
We need this to provide the agreed legal services and generally administer and take care of our relationship with you. We will not collect any personal information from you which we do not need. The following (non-exhaustive) are some examples of what we may use your personal information for:
- Verifying your identity;
- Verifying your source of funds;
- Communicating with you;
- Obtaining insurance policies on your behalf;
- Processing your legal transaction including providing you with advice, carrying out litigation on your behalf, attending hearings on your behalf, preparing documents or to complete transactions;
- Keeping financial records of your transactions and the transactions we make on your behalf;
- Seeking advice from third parties such as legal and non-legal experts.
How We Use Your Personal Information
We will only use your personal information when permitted by the law. Most frequently we will use your personal information in the following circumstances:
- Performance of a Contract where the processing your personal information is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract;
- Legitimate Interest where the interests of our business in conducting and managing our business enables us to provide you with the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law);
- Comply with a legal or regulatory obligation where the processing of your personal is necessary for compliance with our legal or regulatory obligations.
Marketing and Your Personal Information
We ask you to provide us with your written consent to using your personal information that we have collected in accordance with this privacy notice to contact you about our general products or services, events etc. which we feel might be of interest to you. These direct marketing communications may be provided to you by social media channels, email or post. We will never send marketing communications via SMS or call you without your specific consent; nor do we ever pass on or sell your details to third parties. We will provide you with information on products or services which are directly linked to your matter that we feel would be a legitimate interest to you. These are different from the general marketing information of our services.
Please indicate within the client care letter you have received (along with this notice) whether you wish to opt in or out of receiving our general marketing notifications. You will still receive notification of products and services which are directly linked to the services we are providing to you.
Purposes for Which We Will Use Your Personal Information
The table below provides a description of some of the ways we might use your personal information and the legal basis we rely on to do so. We also identify what our legitimate interests are where appropriate.
Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using it.
- Purpose / Activity
- Lawful Basis for Processing Including
- Basis of Legitimate Interest
- To register you as a new client:
Performance of a contract with you;
Compliance with a legal or regulatory obligation;
- To process and deliver legal services:
Performance of a contract with you
Necessary for our legitimate interest (for example to recover debts due to us)
Compliance with a legal or regulatory obligation
- To manage our relationship with you, which will include:
Asking you to leave a review or take a survey;
Sending you information about other services or events we provide which may be of interest to you;
Performance of a contract with you;
Compliance with a legal or regulatory obligation;
Necessary for our legitimate interest (to keep our records updated and to study how customers use our products/services);
Who Has Access To Your Information?
We will keep your personal information confidential except where:
- We are under a legal, regulatory or professional obligation to (for example to comply with anti-money laundering regulations);
- We engage other professional advisers on your behalf, such as barristers and experts for the provision of specialist advice;
- We are required to make a disclosure for the purpose of our business (this includes our regulators, auditors, external assessors and our insurers);
Where we outsource legal activities or any operational functions.
We will always seek a confidentiality agreement with these outsourced providers and ensure that they are GDPR compliant.
Non-exhaustive examples of third parties whom we may disclose your personal information to and why:
- HM Land Registry to register a property;
- HM Revenue and Customs e.g. for Stamp Duty Liability;
- HM Courts and Tribunal Service to file papers relating to litigation;
- Solicitors acting on the other side;
- Asking for an independent barrister for advice or opinion or to represent you;
- Non legal experts to obtain advice, opinion or assistance;
- Contracted suppliers/consultants;
- External auditors or our regulator eg: SRA, CQS, etc.;
- Bank, building society or other financial institutions;
- Insurance companies;
- Providers of identity verification;
- Outsourced secretaries for provision of secretarial services;
- Outsourced IT services for the maintenance of our IT infrastructure;
- Hosted IT services for the maintenance of our IT infrastructure;
- Contracted agencies for electronic ID verification;
- Any disclosure required by law such as the prevention of financial crime and terrorism;
- If there is an emergency and we think you or others are at risk.
Before we share any of your personal information with third parties we will ensure that they comply strictly and confidentially with our instructions and that they do not use your personal information for their own purposes unless you have explicitly given your prior consent to this. There may be some personal information which we will require your prior consent to obtain. If this is the case then we will contact you to request your consent in writing and you are free to withdraw this consent at any time.
How We Protect Your Personal Information
We recognise that your personal information is valuable and we will take all reasonable measures to protect it whilst it is in our care.
We have very high and established standards of technology and operational security to protect personally identifiable information from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal information is handled and processed in line with our stringent confidentiality and data protection policies.
We use computer firewalls as safeguards and physical access controls to our buildings and files to keep personal information safe.
Request Access to Your Personal Information
GDPR gives you the right to see a copy of the personal information that we hold about you. You can ask us to supply you with copies of both paper and/or computer records and related information. This is called a ‘Subject Access Request’ (SAR). If you wish to put your request in writing then this can be sent to us by post to the relevant office address or by email to firstname.lastname@example.org. We will respond within one month from receipt of your request. We may extend the time limit if the request is complex or if we receive a number of requests from one individual. In most circumstances we will not make a charge for a SAR, however, where we consider requests to be manifestly unfounded or excessive, in particular because they are repetitive, we are entitled to charge a reasonable fee taking into account the administrative costs of providing the information or we can refuse to respond. If we refuse to respond to your request, we will explain why and may ask you to specify the information the request relates to.
Further information on SAR’s can be obtained from the Information Commissioner’s Office (ICO) at www.ico.org.co.uk.
How Long We Will Keep Your Personal Information
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount of your personal information, its nature and sensitivity, the potential risk of harm from unauthorised use of disclosure, the purposes for which it was processed and whether we can achieve these purposes through other means, and the applicable legal requirements.
Once you have settled our final bill, we will retain your file in a physical and/or digital format following conclusion for between seven and 15 years dependent upon the nature of the matter. Some files we will retain indefinitely.
The period is set due to regulatory reasons and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and potentially others. If you would like more information on our file retention policy relating to your specific matter then please contact us.
Request Correction of Your Personal Information
We take all reasonable steps to ensure the personal information we have for you is accurate and up to date. If you think that what we have is not accurate or up to date, please tell us as soon as possible and we will correct it.
It is your responsibility to ensure that the personal information you provide is correct and that you notify us of any changes to enable us to correct our records e.g. address and telephone number/s. We may need to verify the accuracy of any new information you provide to us.
Request Erasure of Your Personal Information
You may request us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with the law. Please note, however, that we may not always be able to comply with your request for erasure for specific legal reasons and the right to erasure does not apply where there is a lawful reason which requires us to continue holding/ processing. If applicable, we will explain these to you at the time of your request.
Object to Processing of Your Personal Information
You may object where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights.
Request Restriction of Processing Your Personal Information
You are entitled to ask us to suspend the processing of your personal information in the following scenarios:
- if you want us to establish its accuracy;
- where our use is unlawful, but you do not want us to erase it;
- where you need us to hold it even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use but we need to verify whether we have overriding legitimate grounds to use it.
Request Transfer of Your Personal Information
If we are asked to transfer your personal information to you or to a third party, we will provide this to you, or a third party you have chosen, in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. This right does not require us to provide a copy of your whole file and relates to portability of your personal information only.
Right to Withdraw Consent
You can only exercise this right where we are relying on ‘consent’ to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Queries About Our Use of Your Personal Information
If you have a query about how we have handled your personal information, you can contact our Data Protection Officer by email at email@example.com who will be happy to look in to this for you. Your also have the right to contact the Information Commissioner’s Office (ICO) directly. Please see their website www.ico.org.co.uk. However we would appreciate the chance to deal with your queries before you approach the ICO so please contact us in the first instance.