Last updated: 10.01.2021
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
What is personal information?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
How and when do we collect personal information?
We may collect information from you in the course of our business. This includes information that is gathered automatically when you use our website or when you choose to send personal information to us when you contact us to enquire about our services or to see how we may help you. This contact may be through the form on our website, by email or by telephone.
We collect information from you and others as part of our client acceptance process as necessary in the course of providing legal services to you.
We also collect personal information from you when you engage our legal services and during the course of delivering that legal service to you.
Or, we may gather information about you as a result of your relationship with one or more of our staff or clients.
What personal information do we collect and process about you?
When you view our website or associated social media, we may collect high-level information about the pages that you have viewed and your country of origin.
When you contact us, via our website, email or over the telephone, we may collect the following information:
- Name and job title;
- Contact information including email address and phone number;
- Demographic information such as postcode;
- Basic information about your employment, job title and your relationship to a person;
- Basic information about your immigration status or the nature of your legal issue;
- Any other information or documentation that you choose to provide when you tell us about your immigration issues using our web enquiry form.
When you engage our services we may collect and process additional information such as:
- Further information and documentation relating to your identification and background checks, required as part of our client acceptance process;
- Information you provide for the purpose of attending meetings with us, such as your dietary and travel needs;
- Financial information relating to payment of fees;
- Personal information provided by or on behalf of you (as a client) or generated in the course of providing our legal services to you. This may include special categories of data;
- Any other information relating to you which you may choose to provide to us.
Sometimes, assisting a client will also involve the client providing personal information to us about another individual. This personal information will also be received, retained, processed, stored and destroyed in accordance with this policy. We will only hold such indirectly received personal information and documentation relating to individuals other than our clients insofar as it is lawful and reasonably necessary to do so and in order to provide the legal service contracted for with our client.
What is the legal basis for retaining, using or in any way processing your information?
We use your non-personal and personal information on the following legal bases
- To perform a contract, such as assisting you (or our clients) with your legal matter when you instruct us or engage our services;
- To comply with legal and regulatory obligations;
- To establish or exercise a defence of legal claims or proceedings;
- For legitimate business purposes.
What do we do with your personal information?
Whytecroft Ford Ltd collects and processes information about you in a number of ways.
We use high-level data about visits to our website to help us to improve our website and make it more appealing and useful to our clients.
When you send us an enquiry and provide personal information, we use this to assist you as a potential client. We require this information to understand your needs and provide you with better service.
When you engage our services as a client, we collect, create, process, store and use personal information in the course of and in connection with the services that we provide to you. We will also process personal information for the purpose of the work that we do for you.
In summary, we use personal information :
- To improve our services, including this website;
- To provide information requested by you;
- To manage and administer our relationship with you and our clients;
- To provide legal services to you and to our clients;
- For the purpose of internal record keeping and to fulfil our legal, regulatory and risk management obligations;
- For the purpose of recruitment;
- From time to time, we may also use your information to contact you for market research purposes or to request a reference. We may contact you by email, phone or mail. We may use the information to customise the website according to your interests.
- We may periodically send you updates or newsletters about developments in immigration law or other information about us and our services which we think you may find interesting using the email address which you have provided (you may unsubscribe at any time).
What are cookies?
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Some of the cookies we use are strictly necessary for our website to function, and we don’t ask for your consent to place these on your computer. These cookies are detailed below.
- First-party cookies: Cookies that WordPress places on your site.
- Third-party cookies: Cookies that are placed and used by third parties.
- Session (transient) cookies: These cookies are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.
- Persistent (permanent or stored) cookies: These cookies are stored on a site visitor’s hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behavior or user preferences for a specific site.
- Strictly necessary cookies: These are the cookies that let your visitors browse through your site. They are also necessary for security reasons.
- Functional cookies: These cookies “remember” registered visitors/customers in order to improve their user experience.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you may modify your browser setting to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the website.
Links to other websites
Disclosing your personal information
In connection with work that we are undertaking for you, it may be necessary to disclose your personal information to third parties, such as the Home Office, or when we instruct experts on your behalf. We will not do this unless we have your permission or are required by law to do so.
Where necessary, personal information may (or may be required to) also be shared with regulatory authorities, courts, tribunals, government and law enforcement agencies. We will make reasonable efforts to notify you of such disclosures unless the law prevents us from telling you.
We may also share some of your personal information with trusted third parties with whom we have service contracts in place to assist us to deliver our service to you. This may include our professional advisers, solicitors, accountants and auditors, IT service providers and suppliers of cloud based IT infrastructure detailed below. A full list of the providers with whom we may share your personal information in order to run our business is maintained, reviewed and updated regularly. This list is available to clients upon request.
We will never sell, lease or hire any of your personal information to any third party for marketing or any other purpose.
Keeping your personal information safe
We are committed to ensuring that your information is secure, and use a variety of IT and physical measures to achieve this. In order to provide an efficient and modern service to you, we use a selection of carefully picked cloud-based service providers. These include WordPress, Blue Host, Google drive, Egress and Hubspot, a cloud-based case management system. We take great care to ensure that all of the providers with whom we share information and the platforms that we use comply with the highest levels of internet and online security. We have reviewed and approved their data security and privacy policies and have written contracts in place to safeguard your data.
Some of these service providers are hosted overseas and so using some of the platforms may involve transferring your personal data to locations from within to outside of the European Economic Area (“EEA”) and back again. The level of protection offered in some countries outside of the EEA may be less than that within the EEA. For this reason, we subject the security and data policies of overseas service providers to the highest levels of scrutiny. Where our service providers process your personal data outside of the EEA in the course of providing services to us, our written agreement with them contains appropriate measures that provide an appropriate level of data security.
Further, we have taken reasonable steps to protect your information against unauthorised access and against unlawful processing, accidental loss, damage and destruction.
However, any personal data submitted by you via our website or email is at your own risk.
How long will we keep your personal information?
Your personal information will be kept and stored safely and in accordance with our data retention policy. This policy sets out our retention period and destruction dates in relation to the various categories of data and personal information that we hold.
We will only retain personal information for the purpose for which it was collected and used and for as long as is reasonably necessary.
We will set and adhere to destruction dates that are proportionate and reasonable, taking into account our legal, regulatory and record keeping requirements to retain material for a minimum retention period, limitation periods for taking legal action, good practice and our business purposes.
What can you do to help?
We take great care to keep your information safe. Here are some of the things you can do to keep your information secure as well :
- If you are contacting us via email, ensure that the devices that you use are pin-locked and securely encrypted
- Ensure that you have a good level of encryption and virus protection on your computers, ipads, phones and any other electronic devices
- Keep any log-in details confidential
- Be vigilant and alert in relation to unsolicited emails that ask you to confirm any passwords or bank details or ask you to send money to a third party. These are likely to be fraudulent ‘phishing’ emails which is the illegal gathering of personal information by deception.
Access to your information and your rights
The GDPR provides certain rights for data subjects.
You are entitled to request details of personal information which we hold about you.
Please note, if you are requesting personal information held about you that has been provided to us by one of our clients in connection with their legal matter, it is unlikely that we will be permitted by law to provide this to you. Such material would be covered by legal professional privilege.
You have the right to request that personal information that we hold about you is rectified. If you believe that any information that we hold about you is incorrect, please contact us straight away to put this right.
You have the right to request that we delete the personal information that we hold about you. This is often referred to as the right to be forgotten. This will be subject to any regulatory or legal requirements that we may have to retain a copy of your personal data for a specified period.
You have the right to restrict our processing of your personal information, to stop unauthorised transfers to a third party and (in some circumstances) the right to have personal information that we hold transferred to another organisation.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.
Please note, that your objection or withdrawal of consent could mean that we are unable to continue to provide our services to you. Further, even after you have withdrawn consent, we may still be permitted or required to process your personal information in connection with our legal and/or regulatory obligations and in connection with exercising and defending our legal rights.
If you would like to exercise any of the above rights, please email us at [email protected]. Or write to us. We will respond to all requests for personal information to be provided, rectified, deleted, processing restricted or the data transferred within 14 days of receiving the written request by email or letter. If we are unable to comply with a request within 14 days, we will explain that to you and the reasons why, and tell you how long we need to comply with your request.
You also have the right to lodge a complaint in relation to our processing of your personal information with the Information Commissioner’s Office. More information and contact details are available on the UK Government website at https://www.gov.uk/data-protection/make-a-complaint.
We must ensure that your personal information is accurate and up to date. Please advise us of any changes to your information by email at [email protected].
If you have any queries in relation to the above please do not hesitate to contact Whytecroft Ford Ltd at [email protected].