- Swansea (Main) 01792 773 773
- Cardiff 03333 209 242
- Carmarthen 01267 234 022
- Fishguard 01348 873 671
- Haverfordwest 01437 764 723
- Rural Practice 01267 266 944
- St Davids 01348 873 671
- Please note that all phone calls are recorded
JCP Solicitors Limited (JCP) is committed to respecting the privacy of our clients and contacts and all visitors to our website. This notice does not apply to any websites that may have a link to ours.
If you are a client you should read this notice alongside our letter of engagement, terms of engagement, privacy notice and data processing consent form which were provided to you at the start of your matter.
1 Who we are
2 What data does JCP process?
3 How does JCP use this data?
4 Processing grounds
5 Who has access to your data?
6 How long will we keep it for?
8 Disclosure of your data
9 Protection of your data
10 Your Rights
11 Changes to this policy
14 Google analytics
15 Complaints about the use of personal data
- JCP is a ‘Data Controller’ and gathers, uses and stores certain data about you.
- JCP is a private limited company, authorised and regulated by the Solicitors Regulation Authority under number 627055.
- Our Data Protection Officer can be contacted by email on firstname.lastname@example.org or on 01792 773 773.
What data does JCP process?
From our website
When you use our website forms you choose which data you supply to us.
You may use forms:
- To submit a general enquiry
- To request a quotation for a specific service
- For general data on a specific service
- To join or unsubscribe from our mailing list
- To sign up to attend an event
You may be asked to provide certain data so that we can carry out your request. If you are attending an event you may provide dietary or access requests.
We will separate the data we collect on our website enquiry forms into two parts:
- Form summary
The data about the form activity for example, date/time, form title, channel, user’s email.
Details will be retained on the website but made anonymous after 60 days, which includes the removal of your email address.
- Form detail
Everything else (i.e. the contents of the form) which may often include personal data.
This form detail will only be held on the website for 60 days.
Your website enquiry form is sent directly by email to the team in which the enquiry is intended. The personal data provided will be retained for as long as is deemed necessary, by contract or by law to carry out the function for which it was submitted.
For legal work
We will need data from you in order for us to confirm your identity for example, your date of birth, address, full name, details relating to the nature of your enquiry as well as your contact data.
The data that we need depends on the nature of your matter, and the reasons we need this data will be explained to you by the person dealing with your matter and/or set out in our letter of engagement, terms and conditions of business and privacy notice, depending on the nature of your matter.
What we need
The data we will request from you will depend on what you have asked us to do. If you are a client or prospective client you may need to provide us with the following personal data:-.
Personal data - This is the general data that you supply about yourself, for example,:-
Identity data includes:-
- First name
- Middle name
- Maiden name
- Last name
- Username or similar identifier
- Marital status
- Date of birth
- National Insurance Number
- Passport Number
- Driving Licence Number
Contact data includes:-
- Billing address
- Delivery address
- Email address
- Telephone numbers
- Financial Data includes:-
- Bank account numbers
- Sort codes
- Mortgage account numbers
- Loan account numbers
Transaction data includes:-
- Details of payments to and from you
- Details of services you have instructed us to undertake on your behalf
Technical data includes:-
- Internet Protocol (IP) address
- Your login data
- Browser type and version
- Time zone setting and location
- Browser plug-in types and versions
- Operating system and platform
- Other technology on the devices you use to access our website
Profile data includes:-
- Your username and password
- Purchases or orders may by you
- Your interests
- Your preferences
- Feedback and survey responses
Usage data includes:-
- Data about how you use our website, products and services
Marketing and communications data includes:-
- Your preferences in receiving marketing from us and your communication preferences
Sensitive personal data
This is, by its nature, more sensitive data and may include:-
- Your racial or ethnic origin
- Criminal convictions
In the majority of cases, personal data will be restricted to personal data which is required complete ID checks. However, in some instances, we may require sensitive personal data depending on your query.
Why we need it
The primary reason for asking you to provide us with your personal data is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.
The following are some examples of what we may use your personal and sensitive personal data for:-
- Verifying your identity
- Verifying source of funds
- Communicating with you
- Establishing funding of your matter or transaction
- Obtaining insurance policies on your behalf
- Processing your legal matter
- Keeping financial records of your transactions and the transactions we make on your behalf
- Seeking advice from third parties, for example, legal and non-legal experts
- Responding to any complaint or allegation of negligence against us
If you fail to provide your personal data
If you fail to provide us with the personal data we have requested we may not be able to carry out the legal services and/or the contract we have entered into with you. You will receive notification if we have to cancel our contract with you.
We may also receive data about you from third parties, for example, estate agents, accountants, banks, surveyors, medical professionals, courts, regulatory bodies and other advisors and specialists related to your matter. We may also receive data about you if you are involved in a transaction or dispute with one of our clients or have a connection with them for example if you are a tenant or an employee of a client.
Legal services are generally only provided to children when they are represented by a parent or guardian. We do not aim our services, or our marketing materials, for example, our website and our social media, specifically at those aged under the age of 18. If you are under the age of 18 and need legal advice or further explanation on this or how we may use your data, please email email@example.com or on 01792 773 773.
Return to top
We will use your data for the specific purpose(s) for which it has been provided or collected by us, for example:-
- To provide data that you request regarding the services that we offer
- To contact you to introduce you to our people
- To provide you with legal services
- To engage other specialists advisors in relation to your matter
- To comply with our statutory and regulatory obligations
- To verify your identity for anti-money laundering purposes
- Fraud prevention
- Data /analytics /enhancing, modifying or improving our services
- To book you onto a course or event
- To administer your application for a vacancy
- To deal with your feedback, query or complaint
- To contact you for your views on our services
- To administer, support, improve and develop our business generally and to enforce our legal rights
To process your personal data we must have a lawful basis to do so. This will vary on the circumstances of why and how we have your data, but typical examples include:-
- The activities are within our legitimate interests as a law firm seeking to engage with and provide services to prospective and current clients
- You have given consent for us to process your data
- We are carrying out necessary steps in relation to your contract with us or in contemplation of your contract with us
- The processing is necessary for compliance with a legal obligation to which we are subject, for example, to certify your identity under our anti-money laundering requirements including carrying out electronic ID checks
- To protect your vital interests, for example, to protect you (or someone else) where there is evidence of danger to you (or someone else’s) health and/or safety
Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
If we process any special categories of data i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, processing of genetic or biometric data for the purpose of uniquely identifying individuals, health data, or data concerning your sex life or sexual orientation, we must have a further lawful basis for the processing. This may include:-
- Where you have given us your explicit consent to do so, for example, to cater for your medical or dietary needs at an event
- Where the processing is necessary to protect your interests or someone else's interests
- You have made the data public
- The processing being necessary for the establishment, exercise or defence of legal claims
- The processing being necessary for reasons of substantial public interest
Who has access to your data?
Your personal data will not be passed to any third parties for marketing purposes.
Generally, we will only use your personal and sensitive personal data within JCP. However, there may be circumstances, in carrying out legal work, where we may need to disclose some data to third parties, for example:-
- HM Land Registry to register a property
- HM Revenue & Customs, for example:-. for Stamp Duty Liability
- Court or Tribunal
- Solicitors acting on the other side
- Asking an independent Barrister or Counsel for advice, or to represent you
- Non-legal experts to obtain advice or assistance
- Translation agencies
- Contracted suppliers
- External auditors or our Regulators, for example, Lexcel, SRA, and the ICO
- Bank or Building Society or other financial institutions
- Insurance Companies
- Providers of identity verification
- Any disclosure required by law or regulation, for example, the prevention of financial crime and terrorism
- If there is an emergency and we think you or others are at risk
In the event that any of your personal data is shared with third parties, we will use all reasonable endeavors to ensure that they comply with the data protection legislation and they do not use your personal data for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
Return to top
Your personal and sensitive personal data will be retained as follows:-
In electronic and/or paper format
- For as long as necessary to fulfil the purposes for which the data was collected
- As long as required by law or regulation
- As long as is set out in any relevant contract between you and us
- As long as necessary to carry out the legal work JCP has been instructed to undertake
- For an indefinite amount of time in certain types of matters, for example, documents relating to wills, trusts and unregistered property
When you become a client of JCP we may use your personal data to send you marketing communications we feel adds value to the legal services that we provide. We may invite you to attend events that we believe would be of interest to you, or send you information that is useful to your personal legal needs or the legal needs of your business or profession. It is within our legitimate interest to use your personal data in this way.
If you are not a client but a professional contact it is within our legitimate interest to invite you to hospitality events or other selected events and/or send you information that we think may be of interest to your business or profession.
If we have an ongoing relationship we may contact you with our communications via:
- Text message
- Social media
All marketing communication will offer you the chance to opt out or update your preferences at the point of receiving the communication. We will generally use email to stay in contact with you unless you have contacted us to amend your preferences.
In the case of social media messages, you can manage your social media preferences via that social media platform.
We will no longer contact you if we have not heard from you for more than 3 years. This contact could include attending one of our events or opening one of our emails.
We will never pass or sell your details to a third party and you may unsubscribe, amend your preferences or any inaccuracies at any time by emailing firstname.lastname@example.org or telephoning 01792 773 773.
Return to top
In some instances, we will have to transfer, store and require the processing of data by third parties on our behalf.
These third parties may include:-
- IT and website providers
- Administrative and support services
- Professional advisers
- Anyone to whom we are obliged to disclose data under certain laws or by order of the Court
Return to top
We have taken steps to minimise the risk of loss, misuse and unauthorised processing of your Data.
Where we transfer data to third parties to enable them to process it on our behalf, we will use all reasonable endeavors to ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.
We will use all reasonable endeavors to ensure that where data is transferred to a country or international organisation outside of the UK / EEA, we will comply with the relevant legal rules governing such transfers.
Return to top
You have certain rights in relation to your personal data, although those rights will not apply in all cases or to all data that we hold about you. For example, we may need to continue to hold and process data to establish, exercise or defend our legal rights.
You rights are as follows:-
- The right to be informed about our processing of your personal data.
- The right to request access about your personal data and data about how we process it. You have the right to request a copy of your personal data known as a Subject Access Request. A request for access to your personal data means you are entitled to a copy of the data we hold on you. A Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.
- The right to rectification of any inaccurate or incomplete data that JCP stores and uses be rectified and to have incomplete personal data completed.
- The right to erasure (also known as ‘the right to be forgotten’) is the right to request the deletion or removal of personal data where there is no compelling reason for JCP to continue processing the same. JCP will refuse to comply with a request for erasure where the personal data is processed for the following reasons:-
- To exercise the right of freedom of expression and data
- To comply with a legal obligation for the performance of a public interest task or exercise of official authority
- The exercise or defence of legal claims
- The right to restrict processing allowing you to ‘block’ or suppress processing of your personal data. In this instance JCP are still permitted to store your personal data, but not further process it.
- The right to data portability allowing you to obtain and reuse your personal data for your own purposes across different services. This right allows you to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This means that should you wish to action this right, JCP will provide your personal dated to you in a structured, commonly used and machine readable form.
- The right to object to processing of your personal data.
- Rights in relation to automated decision making and profiling JCP do not use profiling or any automated decision making.
To exercise any of the above rights please email email@example.com or telephone 01792 773 773.
You have the right to complain to the Data Commissioner’s Office (ICO). It has enforcement powers and can investigate compliance with data protection law. Please visit the ICO website for further details.
We will respond to your request (including providing data on whether the rights apply in the particular circumstances) within the applicable statutory time period. If we are not sure of your identity, we may require you to provide further data in order for us to confirm who you are.
Return to top
Data anonymisation and aggregation
We may convert your data into statistical or aggregated data which cannot be used to identify you to produce statistical research or reports.
Return to top
This policy is subject to change in line with our internal practices and/or applicable changes in the law. Your personal data will continue to be used and processed in a way that is consistent with the original purpose. We will notify you wherever possible and if applicable to you at the time if changes are made.
Return to top
- We DO NOT store personal information in cookies
We use Google Analytics to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address (but no other data) - Google uses this data to prepare site usage reports for us, but Google may also share this data with other Google services. In particular, Google may use the data collected to contextualize and personalise the ads of its own advertising network. Related data:
Complaints about the use of your personal data
If you wish to raise a complaint about on how we have handled your personal data, you can contact our Data Protection Officer on firstname.lastname@example.org or on 01792 773 773.