Privacy Policy for Woolf Simmonds Solicitors

Effective Date: July 24, 2024

At Woolf Simmonds Solicitors, we are committed to protecting the privacy and confidentiality of our clients' information. As a legal services provider, we are entrusted with highly sensitive personal and confidential data. This Privacy Policy outlines how we collect, use, store, share, and protect your personal information in accordance with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant professional obligations such as attorney-client privilege and professional secrecy.

1. Our Services

Woolf Simmonds Solicitors provides a range of legal services, which may include, but are not limited to:

• Corporate Law and Commercial Contracts
• Litigation and Dispute Resolution
• Family Law
• Real Estate and Property Law
• Intellectual Property Law
• Employment Law
• Immigration Law
• Estate Planning, Wills, and Probate
• Legal Consultation and Advisory Services
• Contract Drafting and Review
• Representation in Courts and Tribunals

2. Information We Collect

In the course of providing our legal services, we may collect various types of personal information from you, depending on the nature of your case or inquiry. This information may include:

• Identity Data: Name, title, date of birth, gender, marital status, nationality, passport/ID details, professional titles, and other similar identifiers.
• Contact Data: Billing address, delivery address, email address, telephone numbers, and other communication preferences.
• Financial Data: Bank account details, payment card details, income, assets, liabilities, tax information, credit history, and other financial records necessary for legal matters.
• Case-Related Data: Information directly related to your legal matter, which can be highly sensitive and may include:
  • Special Category Data:
    • Health Data: Medical records, diagnoses, health conditions, mental health information (e.g., for personal injury claims, disability cases, family law matters).
    • Biometric Data: If relevant to a specific legal case (e.g., for identity verification in certain contexts, or forensic analysis in criminal cases).
    • Racial or Ethnic Origin, Political Opinions, Religious or Philosophical Beliefs, Trade Union Membership, Sex Life or Sexual Orientation: Where relevant and necessary for the legal matter (e.g., discrimination claims).
  • Criminal Convictions and Offenses Data: Information relating to past criminal offenses, investigations, or legal proceedings (e.g., for criminal defense, immigration, employment background checks, regulatory matters).
  • Family Details: Information about family members, relationships, children (e.g., for family law, estate planning).
  • Employment Details: Employment history, salary, performance reviews, disciplinary actions (e.g., for employment law disputes).
  • Transactional Data: Details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data: Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or services.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
• Publicly Available Information: Information obtained from public sources, such as public registries (e.g., Companies House, Land Registry), court records, or online platforms, if relevant to your legal matter or for conflict checks.
• Information from Third Parties: We may receive information about you from third parties, such as other law firms, opposing parties, expert witnesses, financial institutions, or public authorities, where necessary for the provision of our services or as permitted by law.

3. How We Collect Your Information

We collect information through various methods, including:

• Direct Interactions: When you contact us by phone, email, or in person for an inquiry, consultation, or to engage our services. This includes information you provide on forms, applications, or during meetings.
• Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, Browse actions, and patterns. We collect this personal data by using cookies and other similar technologies.
• Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources as set out above.

4. How We Use Your Information

We use your personal information primarily to provide our legal services and to manage our business operations. The legal bases for processing your data under UK GDPR typically include:

• Performance of a Contract: To fulfill our contractual obligations to you, such as preparing legal documents, representing you in court, or providing legal advice.
• Legal Obligation: To comply with legal or regulatory obligations, such as anti-money laundering (AML) checks, professional conduct rules (e.g., Solicitors Regulation Authority (SRA) requirements), or court orders.
• Legitimate Interests: Where necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes improving our services, managing our client relationships, and ensuring the security of our systems.
• Consent: In specific situations, we may ask for your explicit consent to process certain types of personal information, especially sensitive data (Special Category Data), where other legal bases are not applicable (e.g., for certain marketing activities). You have the right to withdraw consent at any time.
• Exercising or Defending Legal Claims: Processing of special category data is often necessary for the establishment, exercise, or defence of legal claims.
• Substantial Public Interest: Where processing is necessary for reasons of substantial public interest, based on UK law, for example, for regulatory purposes.

Specifically, we use your information for the following purposes:

• To provide legal advice and representation.
• To manage our client relationship, including billing and communication.
• To perform due diligence and conflict checks.
• To comply with anti-money laundering (AML) and other regulatory obligations.
• To manage and administer our website and IT systems.
• To improve our services and understand client needs.
• To send you legal updates, newsletters, or other communications that may be of interest to you (with your consent where required).
• To defend our legal rights or pursue legal claims.

5. Disclosure of Your Information

We take client confidentiality seriously and will only disclose your personal information in limited circumstances, in accordance with our professional obligations (including attorney-client privilege and professional secrecy) and applicable laws:

• Within Our Firm: To lawyers, paralegals, and administrative staff who require access to your information to provide legal services or manage our operations. All personnel are bound by strict confidentiality obligations.
• To Third-Party Service Providers: We may share your data with trusted third-party service providers who assist us in delivering our services, such as:
  • IT service providers (for data storage, software, and system maintenance).
  • Financial institutions and payment processors.
  • Barristers, expert witnesses, or other legal professionals as required for your case.
  • Translation services.
  • Auditors and professional advisors.
  • Archiving and document management services.

  We ensure that all such third parties are subject to appropriate data protection and confidentiality agreements.

• As Required by Law or Legal Process: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights or property, or ensure the safety of our clients or the public (e.g., for reporting suspected money laundering activities).
• With Your Consent: We will share your information with other parties if you provide us with your explicit consent to do so.
• Successors in Business: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity.

We do not sell or "share" (as defined by certain privacy laws) your personal information for purposes of cross-context behavioral advertising.

6. International Transfers

We are based in the United Kingdom. When we transfer your personal data outside the UK or the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government (e.g., adequacy regulations).
• Where we use certain service providers, we may use specific contracts approved by the UK Information Commissioner's Office (ICO) which give personal data the same protection it has in the UK (e.g., International Data Transfer Agreement (IDTA) or the International Data Transfer Addendum to the EU Standard Contractual Clauses).
• Where we use providers based in the US, we may transfer data to them if they are part of a recognised data transfer framework (e.g., UK Extension to the EU-US Data Privacy Framework) or have appropriate safeguards in place.

7. Data Security

We have implemented appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements (e.g., statutory limitation periods for legal claims, regulatory obligations for client records under SRA rules).

Due to our professional obligations, particularly those related to client files and professional secrecy, certain data may be retained for extended periods as required by the Solicitors Regulation Authority (SRA) or other legal regulations.

9. Your Legal Rights

Under UK GDPR, you have rights in relation to your personal data. These may include:

• The right to be informed: About how your personal data is collected and used.
• The right to access: To request a copy of the personal data we hold about you.
• The right to rectification: To request that we correct any inaccurate or incomplete personal data we hold about you.
• The right to erasure ("the right to be forgotten"): To request the deletion of your personal data in certain circumstances.
• The right to restrict processing: To request that we limit the way we use your personal data in certain circumstances.
• The right to data portability: To request to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• The right to object to processing: To object to our processing of your personal data in certain circumstances, including for direct marketing.
• Rights in relation to automated decision-making and profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us using the details provided in Section 11. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

10. Cookies

Our website uses cookies to enhance your experience. These are small text files placed on your device to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

As you have indicated you do not have a separate Cookie Policy, this section provides a basic explanation. For more detailed information on specific cookies used, their purpose, and how to manage them, you may consider adding a dedicated Cookie Policy page in the future.

11. Contact Us

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the updated policy on our website at www.woolfsimmonds.com with a new "Effective Date." We encourage you to review this policy periodically.