- DATA CONTROLLER
This privacy notice provides you with details of how we collect and process your personal data. We are required to notify you of this information under data protection legislation, including the General Data Protection Regulation. Please ensure that you read this Notice carefully and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
Middleton Law Ltd registered at 4 Prince of Wales Close, Waterlooville, PO7 8JD is the Data Controller for the purpose of relevant data protection legislation, including the General Data Protection Regulation (“GDPR”) for the information which it collects for marketing, recruitment and employment purposes.
- LEGAL BASIS
Your data will be processed on the basis that Middleton Law Ltd has a legitimate interest in being able to achieve the aims of processing set out below. Where special category data is provided, the provider of the data warrants that they consent to Middleton Law Ltd processing that data or that they have obtained written consent from the data subject.
- WHAT INFORMATION DO WE COLLECT ABOUT YOU?
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at firstname.lastname@example.org.
We may process the following categories of personal data about you:
- Communication Data – any communication that you send to us (e.g. through email, text, social media messaging, social media posting or any other communication that you send us). We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims.
• Customer Data – data relating to any charges for services/goods such as your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the services and to keep records of such transactions.
• Technical Data – data about your use of our website and online services such as your IP address, login data, details about your browser, length of visits, page views and other technology on the devices you use to access our website. The source of this data is our analytics tracking system.
• Marketing Data – contact details for you (e.g. name, address or location, email address and telephone number) data about your marketing and communication preferences, ‘CRM’ data relating to exchanges we have had with you over different mediums (e.g. email or telephone or in person).
3.1 SENSITIVE DATA – We do not routinely collect any Sensitive Data about you, although you may provide it in the course of providing instructions. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sexuality, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect information about criminal convictions or offences.
3.2 FAILURE TO PROVIDE DATA – Where we are required to collect personal data by law, or under the terms of the contract between us, we may not be able to provide services to you if you do not provide us with that data when requested, but if that is the case we will notify you at the time.
A cookie is a small file which is placed on your computer’s hard drive to help analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual and tailor its operations to your needs by gathering and remembering preferences.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may however limit some functionality and prevent you from taking full advantage of the website.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and to identify ways to improve our website to better tailor it to our customer needs. We only use this information for statistical analysis purposes.
We use Google Analytics to collect data on our how our users are using our site and their demographics (age, gender) and interests to evaluate how our users’ behaviour varies by demographics and interests in order that we can improve our content, marketing and services.
More information on controlling cookies at: aboutcookies.org (provided by Pinsent Masons).
- MARKETING COMMUNICATIONS
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications and in each case you have not opted out of receiving such communications since. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.
We do not share your personal data with any third parties for their own marketing purposes. You can update your marketing preferences or unsubscribe from communications from us at any time by emailing email@example.com. If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions/services.
- SHARING YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
- Service providers who provide IT, marketing and system administration services.
• Professional advisers including other lawyers, bankers, auditors and insurers.
• Government bodies that require us to report processing activities.
• Partners who deliver our services on our behalf.
• Third parties to whom we may sell, transfer, or merge parts of our business or our assets. We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
- TRANSFER OF DATA OUTSIDE THE EEA
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the EEA and so we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards applies:
- European Commission approved as providing an adequate level of protection for personal data;
• Specific contracts or codes of conduct or certification mechanisms approved by the European Commission are in place to give personal data the same protection it has in Europe;
• If US-based providers then that they are part of EU-US Privacy Shield.
If none of the above safeguards is available, we may request your explicit consent to the specific transfer.
You will have the right to withdraw this consent at any time.
- DATA SECURITY
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.
- DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When deciding how long to keep the data we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements. The law requires us to keep basic information about our customers (including Contact details, Identity, Financial and Transaction Data) for six years after they stop being customers.
- YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individualrights/
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org .
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would however be grateful if you contact us first so that we can try to resolve any issue for you without the need of recourse to the ICO.