The Data Protection Act 2018 (“DPA 2018”) and the General Data Protection Regulation (“GDPR”) impose certain legal obligations in connection with the processing of personal data and we are required by law to provide you with information in this respect. We also care about your privacy and wish to ensure that it is protected.
The Privacy Notice applies to all our clients who are individuals but not to corporate clients. We may amend this privacy notice from time to time. Our current Privacy Notice will be available on our website or a copy can be sent to you on request.
Marshalls is a Data Controller within the meaning of the GDPR and the firm’s Data Protection representative is Nathan Dyke. Marshalls does not have a Data Protection Officer.
Marshalls may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.
We may collect personal information and data from or about you if you are a client, a prospective client, a visitor to our website or a third party who is relevant to the service we are providing to a client e.g. a family member, employer or employee, beneficiary, trustee or another party in a dispute. We may record and retain details of your name, contact details, ID and any other personal data given to us by you or others in connection with the work we are doing and to enable us to advise our clients properly. We intend to process personal data for the following purposes:
It is a requirement of our contract with you that you provide us with the personal data that we request. If you do not provide the information that we request, we may not be able to provide professional services to you. If this is the case, we may not be able to commence acting for you or may need to cease to act for you.
We will not share your personal data with anyone without your consent unless it is appropriate or necessary in relation to the work you have asked us to do or where we are obliged to do so in law or by our professional bodies. We may share your personal data without seeking your consent with:
If you ask us not to share your personal data with any such third parties we may need to cease to act for you.
The transmission of information via the internet and by email are not completely secure and any electronic communications with us are at your own risk. Please note that we will never notify you of any change in our banking details by email. If you are in doubt about our banking details please call us to check them. We cannot accept any responsibility if you transfer money into an incorrect account.
We do not operate outside the UK. However, we may be required to share your data with persons or organisations outside the UK if this is relevant to the work you have asked us to do for you. This may involve a transfer of personal information from a location within the European Economic Area (EEA) to outside the EEA or vice versa. The level of data protection outside the EEA may be less that within the EEA. Once we have released your personal data to a third party we will no longer have control over it or be able to ensure its safety.
When we have completed the work you have asked us to do for you the paper file will be stored on our premises in accordance with the firm’s storage policy. Our Terms and Conditions of Business provide details of the amount of time we normally store files, papers and documents. Electronic storage may be indefinite and this enables us to retrieve information from a closed file that may be useful for you or relevant to you in future. We may retain your personal details in our records indefinitely as this will enable us to check in future if we have acted for you previously and if there are any conflicts of interest. We are required to keep accounting records for any regulatory limitation periods after conclusion of your matter and thereafter such records will continue to be retained by us as part of our integrated accounts system.
You have a right to request access to the personal data that we hold for you (these are known as “Subject Access Requests”) although we may need to keep it confidential and not release it to you in certain circumstances. You also have the right to ask us to rectify any information we hold about you or, in certain circumstances, to erase it.
Please send any such requests to Nathan Dyke together with sufficient information to enable us to identify you and your matter/s such as your full name and address (and your previous address if you have moved since we last acted for you) and the matter number if you know it. You may be asked to provide us with proof of identity such as a copy of your passport or driving licence and a recent utility bill or bank statement.
If we have asked you for specific consent to enable us to process some of your personal data, you have the right to withdraw your consent to this at any time. Please inform Nathan Dyke immediately if you wish to withdraw your consent. Please note that if you withdraw your consent:
If you have a complaint about the way we have processed your data or if you think we have not complied with the GDPR or the DPA 2018 in any way please contact Nathan Dyke and we will try to put things right. If you are not happy with our response you have the right to lodge a complaint with the ICO (telephone 0303 123 1113 www.ico.org.uk).