Privacy Notice To Third Parties
Privacy Notice to all third parties involved in client matters
The European Union General Data Protection Regulation requires us (the data controller) to provide you (the data subject) with the information in bold at the beginning of each section below. The information is set out in the sections.
This Privacy notice applies only to third parties involved in client matters. There are different Privacy Notices (on our website www.hart brown.co.uk) for clients, for marketing contacts, for specialists and experts in that capacity, and for individuals within organisations with which we deal, some of which might also apply to you.
The personal data we receive can for example be in respect of our client’s opponent or opponents in a litigation matter, in respect of the other party or parties to a transaction, in respect of executors or beneficiaries to be named in a will or trustees to be named in a trust, or in respect of shareholders or directors in a company or other business.
1. The identity and contact details of the controller and of our representative.
Controller – Hart Brown LLP
Resolution House, Riverview, Walnut Tree Close, Guildford, Surrey GU1 4UX
Controller’s representative – David Wallace, Resolution House, Riverview, Walnut Tree Close, Guildford, Surrey GU1 4UX
01483 887589
2. Contact details of the data protection officer, where applicable.
Not applicable.
3. The purposes of the processing for which the personal data are intended and the legal basis for the processing.
3.1 To enable us to act for our client or clients in the relevant matter
The legal basis for the processing is that it is necessary for compliance with a legal obligation to which we are subject.
3.2 We will share personal information with law enforcement or other authorities if legally required.
The legal basis for the processing is that it is necessary for compliance with a legal obligation to which we are subject.
4. Where the processing is necessary for the purposes of the legitimate interests pursued by us what are those legitimate interests?
Not applicable.
5. The categories of personal data involved.
Whatever may be necessary to enable the matter to be processed and concluded.
6. The possible recipients or category of recipients of the personal data.
6.1 We will share the personal data with the relevant client where it is appropriate or necessary to progress and complete the matter on which they have instructed us and with any relevant expert or barrister. Once we have released any personal data we will not be in control of or able to ensure its security. However, except in the context of the prevention, investigation, detection or prosecution of criminal offences, any organisation to which we release the personal data will itself be bound to keep your data secure and generally to comply with the requirements of the General Data Protection Regulation. Where we need to release any of your personal data to a natural person in the course of a purely personal or household activity, that assurance of security will not apply. Any personal data we do release to a third party will be limited to what must be released for the relevant purpose to be achieved.
6.2. We will also share that data with:
6.2.1 The hosts running our software on their systems.
6.2.2 Our software suppliers.
6.2.3 The providers of our copying machines, which also act as scanners, to the extent that when a document is copied or scanned the machine automatically makes an electronic copy.
6.2.4 Our external accreditation auditors, to the extent that they ask to see individual files or relevant accounts records.
6.2.5 Our external accountancy auditors.
6.2.6 The Solicitors Regulation Authority, to the extent that we are obliged to report an issue to them.
6.2.7 The Legal Ombudsman, to the extent that a complaint is made to her office about us.
6.2.8 The Information Commissioner’s Office when required to do so.
6.2.9 Our I.T. support contractors, to the extent necessary for them to provide that support.
6.2.10 Our professional indemnity insurers and their (and, if different, our) professional advisers, to the extent appropriate if and when circumstances arise where there might be a claim against us and by us on that insurance policy, to enable us to achieve a fair outcome.
6.2.11 The relevant authorities whenever we are required by law to do so including if we suspect there might have been or there might be an offence or attempted offence whether against the Money Laundering Regulations or otherwise.
6.2.12 The court, the tribunal, the arbitrator or the mediator if relevant.
6.2.13 Generally as may be necessary to enable us to do the work our clients have instructed us to do.
7. Can we transfer your personal data to a third country or international organisation?
Hart Brown LLP does not usually transfer any information internationally. We can only do that in respect of your personal data if you want to make or have made a contract with us and sending the personal data internationally is necessary for the purpose of that contract, or if you consent to the data transfer. This will have to be addressed if the issue arises.
8. What is the period for which your personal data will be stored?
For as long as we keep the relevant file for the client. There is a minimum period of the relevant limitation period (in which we can be sued) plus a year.
9. Is the provision of personal data a statutory or contractual requirement or a requirement necessary to enter into a contract, and are you obliged to provide personal data, and what are the possible consequences of failure to provide such data?
If you are an opponent of a client of ours, court rules could require you to provide personal data to us. Any breach of court rules by a party to litigation can prejudice the party breaching them. Otherwise, your personal data might be required in order to enable a transaction or arrangement to which you are or wish to be a party to proceed, and failure to provide the data might prejudice the transaction or arrangement.
10. The existence of automated decision making, including profiling
Hart Brown LLP does not use automated decision making including profiling.
11. What is the source of your personal data not obtained from you and, if applicable, will this come from publicly accessible sources?
In a house move, the relevant estate agents will give us the names and addresses of both parties. For wills the testator will give us the names and addresses of the intended executors and beneficiaries. For trusts the settlor will give us the names and addresses of the trustees and the beneficiaries. For commercial matters the client will give us the names and addresses of shareholders, directors, and other company officers, and of the directors or owners of the other business to a transaction. For litigation matters the opponent or their solicitors will give us the personal data required by the court rules to be given to us.
Sometimes personal data will be obtained from publicly accessible sources, such as Companies House (on shareholders, directors and other officers) or Chambers or the Legal 500 on barristers and solicitors.
12. Your data protection rights.
12.1 You have the right to request from us access to and rectification or (in certain circumstances) erasure of personal data or (in certain circumstances) restriction of processing concerning you.
12.2 Where the processing is carried out by us on the basis that it is necessary for the purposes of the legitimate interests pursued by us, you have the right to object to it continuing and we must stop the processing unless we demonstrate legitimate grounds for the processing which override your interests, rights and freedoms or the processing is for the establishment, exercise or defence of civil claims.
12.3 Where the processing is based on consent or under or leading to a contract and the processing is carried out by automated means, you have the right to receive from us the personal data concerning you which you have provided to us and the right to transmit those data to another controller.
12.4 Where the processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
12.5 You have the right to lodge a complaint with the Information Commissioner’s Office, who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113 but we invite you to tell us first if you have any complaint, so that we can attend to it as soon as possible.
If you would like to exercise any of those rights, please:
- email, call or write to David Wallace,
- let us have enough information to identify you,
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request applies.