Jackson Osborne (the firm) is registered with the Information Commissioner’s Office (ICO) as a data controller under the General Data Protection Regulations and the Data Protection Act 2018 (“Data Protection Legislation”). When we say ‘we’, ‘us’ or ‘our’ in this policy, we are referring to Jackson Osborne.
This privacy notice tells you how we use your personal information when you contact us with a view to seeking legal advice, become a client or if your information is passed to us as part of our involvement in acting for another client.
2. Lawful basis and purpose for processing
We will only process your personal information where we have a lawful basis for doing so. Under the Data Protection Regulations the following lawful bases for the processing of your personal information are applicable to our business:
(a) Contractual agreement
This applies when the decision is being made whether to enter a contract for legal services with us and during the performance of that contract once you engage us.
During the initial engagement process you will be given the opportunity to opt out of occasionally receiving information from us relating to our services. This is known as a ‘soft opt-in’ under the Privacy and Electronic Communications Regulations 2003 (PECR) and relates to marketing to a company’s existing clients or customers. You will have the opportunity to opt out at any time.
(b) Legal obligation
We may be required to provide your personal data in order to comply with a legal obligation, for example, as a part of legal proceedings.
(c) Legitimate interest
Sometimes it is in our legitimate interests to process your information, such as in the day-to-day running of our business or in the pursuit of legal claims. This lawful basis applies provided your interests and fundamental rights do not override those interests.
In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You are not required to agree to any request for consent from us.
Some of the above grounds for processing can overlap and there may be several grounds which justify our use of your personal information.
3. The kind of information we ask you for
(a) General personal information
We might collect, store, and use the following general personal information about you:
- Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
- date of birth;
- marital status and dependants;
- next of kin and emergency contact information;
- National Insurance number;
- financial information such as income, bank account details and tax status information;
- copy of driving licence;
- employment records;
- compensation history.
(b) Special category information
We may also collect, store and use “special category” or sensitive personal information such as (but not limited to):
- Information about your race or ethnicity, religious beliefs, sexual orientation and political opinions;
- trade union membership; and
- information about your health, including any medical condition, health and sickness records.
(c) Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to do so. This will usually be where such processing is necessary to carry out our obligations and provided we do so in line with the Data Protection Legislation.
Less commonly, we may use information relating to criminal convictions where it is necessary in relation to legal claims, where it is necessary to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
4. How do we collect information?
If you are a client, we collect personal information that you directly provide to us in the course of any matter in which you instruct us.
If you are not a client, we may receive your information from third parties, such as opposing solicitors or your employer, during the course of legal proceedings.
5. What do we do with it?
We will primarily use your personal information under contract with you to provide legal services. In addition, we may use it:
- to comply with any statutory and regulatory obligations;
- to deal with any query or complaint;
- to support our legitimate interests (or those of a third party) such as to enforce legal rights.
We may also use your information occasionally to help us improve and promote our services by:
- if you are an existing client, contacting you for feedback on our services;
- if you are an existing client, providing marketing information regarding the services or products that we offer (you can opt-out at any time);
- otherwise where you have given your specific consent.
6. How long do we keep it?
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will usually retain your information relating to any matter for a period of between 1 and 7 years following the conclusion of or absence of instruction in the matter.
We may retain your name, contact details and brief details of any matter on which you instructed us for a longer period for the purpose of notifying you about our services, though you may withdraw your consent at any time.
7. What we do to look after your information
We have measures in place to prevent your personal information from being altered, disclosed, accidentally lost, used or accessed in an unauthorised way.
We limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. All those who work with your data on our behalf are required to comply with the Data Protection Legislation.
We have put in place procedures to deal with any suspected data security breach and will notify the regulator (ICO) of a suspected breach where we are legally required to do so. We will notify you if there is a high risk to your rights and freedoms as a result of a breach.
8. Who we share your information with
We may have to share your data with other parties and their legal representatives in disputes.
We may also need to share your data with third-parties during the course of pursuing your interests or the legitimate interests of the company. Examples include but are not limited to:
- our auditors
- regulatory authorities
- human resources consultants, or
- insurers who are providing cover in respect of a matter on which you have instructed us.
We require third parties to respect the security of your data and to treat it in accordance with the law.
9. Transferring your data to another country
The firm uses Microsoft support and your personal information will be held on a server in the UK. Our agreement with Microsoft ensures your personal information is treated in a way that is consistent with and which respects the EU and UK laws on data protection.
10. Your data protection rights
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. There may be reasons why we are not obliged to or cannot for legal reasons comply with your request.
(a) Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
(b) Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies although, as mentioned above, there may be reasons why we are not obliged to or cannot for legal reasons comply with your request.
(c) Your right to erasure
You have the right to ask us to erase your personal information if you feel that there is no good reason for us continuing to hold or use it.
(d) Your right to restriction of processing
You have the right to ask us to restrict the processing of your information, for example if you want to establish its accuracy or our reasons for processing it.
(e) Your right to object to processing
You have the right to object to processing if we are able to process your information because it is in our legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
(f) Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you provided to another party, or give it to you.
(g) Your right to complain
If you consider that our processing of your personal information infringes the data protection legislation, you have a right to complain to the UK regulator, the Information Commissioner’s Office (ICO).
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
11. Who to contact if you have a personal information query
Jackson Osborne is the data controller for the personal information we process unless otherwise stated.
There are many ways you can contact us including by phone, email and post. For ‘snail mail’ post, you should write to:
The Data Controller, Jackson Osborne
Merlin House, 1 Priory Drive, Langstone Business Park, Newport, NP18 2HJ
Telephone: 01633 759 618
Queries or subject data access requests should be directed to your principle point of contact in the firm. If you do not have a point of contact, put the heading ‘Personal information request’ in the first line of your email or letter, or on ringing our office say that you have a personal information request.
12. Automated decision-making
We do not conduct automated decision-making or profiling.
13. Changes to this notice
We reserve the right to update this Privacy Notice at any time. It was last updated on 03 September 2018.