Please note the policy may change from time to time so please check this policy from time to time to make sure you are happy with any changes made.
This policy sets out the information you need to know to understand how we will process and protect your information.
For the purpose of The General Data Protection Regulation (GDPR), the data controller is Double and Megson, 11 Market Place, Market Deeping PE6 8EA.
The Information we collect about you
We collect information through face to face meetings, telephone conversations, e-mails, other written correspondence or our web based enquiry form.
The information you give us may include your name, address, e-mail address and phone number, gender, financial information (such as bank details as well as bank statements for anti-money laundering and regulatory requirements) and other personal details relating to your affairs and circumstances. We will only collect relevant information necessary to allow us to provide our service to you, or discharge our legal responsibilities.
How we make use of the Information about you
We will only collect relevant information necessary to allow us to provide our service to you, or discharge our legal responsibilities. We will use your personal information in the following circumstances:
- Where we need to the contract we have entered into with you
- Where the need to comply with a legal obligation
- Where it is necessary for our legitimate interest (or those of third parties) provided your interests and fundamental rights do not override those interests
- Where we need to protect your interests (or someone else’s)
- Where it is needed in the public interest or for official purposes
We will ensure that all personal information supplied is held securely in accordance with the General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018.
How long do we keep your data for?
Double and Megson will not retain your personal information longer than necessary. We will hold onto the information you provide either while your matter is active, or as needed to be able to provide the Services to you for as long as is.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after your matter has concluded or it is no longer needed to provide the Services to you.
Sharing your information with third parties
We may have to share your data with third parties, including other professional advisers, third-party service providers and other related entities. We require third parties to respect the security of your data and to treat it in accordance with the law.
We will never share or sell your personal information to any other third party. We will only share your personal information with another third party where we are required to do so by court order or law. For example, we may also need to share your information with our bank or our regulators to comply with anti-money laundering and regulatory obligations.
Where we store your information
Your personal information will be hosted securely as 2 data centres within the UK.
Transferring information outside the EEA
We will only transfer the personal information we collect about you outside the EEA in relation to international clients or when dealing with an international matter where such transfer is necessary in order to perform our contract with you
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Double and Megson do not currently use any web analysis services to analyse the use of our website.
Your rights of Access, Correction, Erasure and Restriction
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact our Data Manager in writing.
We have appointed a Data Privacy Manager to oversee compliance with this privacy notice. Our Data Privacy Manager is Jay Shah. You can contact him at email@example.com or via our postal address 11 Market Place, Market Deeping PE6 8EA. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact Jay Shah. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.