Kenneth M Barrow & Co
We take your privacy very seriously and take all appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any personal data that you share with us and that we hold about you, including how we collect, process, protect and share that data.
What is ‘Personal Data’
Personal data means any information that may be used to identify you as an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
How we obtain your personal data
Information provided by you
You first provide us with personal data when you contact us to discuss instructing us to assist you with the legal issue you have enquired about. You do this either by meeting with us, or by an online or email enquiry, or by a telephone call. This data includes amongst other things your name, address, date of birth, email address.
We may also keep information contained in any correspondence you may have with us by post or by email or that we note down in a telephone conversation with you.
To enable us to properly act on your behalf we also may obtain sensitive medical information directly from you or from your GP, or a hospital, or other medical institution where you have or are receiving treatment. Please note the provision of sensitive medical information is subject to you giving us express consent. If we do not receive this consent from you, then we are unable to obtain any sensitive medical information about you. We will only ever seek your consent to obtain sensitive medical information where it is necessary.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
This information (including your name. address, email address, date of birth, etc.) as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR).
How we use your personal data
We use your personal data:
Do we use your personal data for marketing purposes?
We will only do this where we are holding your data because we consider we have a legitimate interest to do so and where we have conducted a legitimate interest assessment as recommended by the Information Commissioner’s Office. In these limited circumstances we might contact you by any reasonable means to inform or advise you of the services we can provide. You would then have the right to require us to then stop the marketing to you and in that event we would of course no longer contact you for any marketing purposes.
Information about cookies
We will keep information about you confidential but we will from time to time share your personal data with other third parties where this is necessary for one of the reasons stated above “How we use your personal data and why we use it”. We require all third parties who we provide with your data to respect the security of your data and to process this in accordance with the law.
Transfer of your personal data outside of the European Economic Area (EEA)
We do not currently transfer your personal data outside the EEA if in the future we transfer your personal data, in accordance with the terms of this Policy outside of the EEA, we will make sure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our instructions.
How long do we keep this information about you?
We keep information in line with our own retention policy and as required by law or our professional regulator. These retention periods are in line with the length of time we need to keep your personal information to be able to act on your behalf and after that is concluded, to answer any questions you might have and to enable us to inform you of any other services that we provide that might be of interest or of use to you. They also take in account our need to maintain records to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases, our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.
Data subject rights
Subject access requests
The General Data Protection Regulation (GDPR) grants you as the “data subject” the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing supplementary statement
Right to erasure
You, the data subject, shall in the majority of circumstances have the right to obtain from us the erasure of personal data concerning you without undue delay. Where you have requested that we erase your personal data and we consider that we cannot or should not do so we will inform you of this as soon as possible and in any event within 28 days and provide you with the reason why we have refused your request.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where:
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you; unless we have a reason that supercedes this, in which case we will inform you and discuss this with you.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data
Invoking your rights
More information about your data subject rights can be found on the Information Commissioner’s Office website: www.ico.org.uk.
If you would like to invoke any of the above data subject rights with us, or have a complaint about the use of your data you should contact us by either writing to us at our office address of 15/16 Adelaide Row, Seaham, County Durham, SR7 7EF and address your letter to Mr Sunny Singh Thandi or you should email us at firstname.lastname@example.org and address your email to Mr Sunny Singh Thandi.