At Covent Garden Family Law Ltd (CGFL) we are committed to ensuring that your privacy is protected. The following statement explains how we will use any personal data that we have collected from you. Where we ask you to provide information that means you could be identified when using our services, you can be assured that it will only be used in line with this privacy statement. Please note, this policy may change from time to time, however the latest version will be found on our website, or you can request a copy directly from us.
- Data controller / who we are
Where data is collected, processed and stored by CGFL we are what is known as the ‘data controller’ of the personal information you provide to us.Covent Garden Family Law Ltd (Co. Reg. 11013024) is authorised and regulated by the Solicitors Regulation Authority under number 644091 The firm is also registered with the Information Commissioner (Reg. Z2145206. For any questions with regards to this policy or the way that we manage your data please contact our Practice Manager, whose details can be found on our website.
As part of working with our clients and dealing with family matters we may hold data on children. Generally they are represented by their parents or guardians who have been requested to provide consent to use a child’s personal data.
If you are a child and are concerned or would like to understand about how we would use your data please ask the person in the firm who is working with your family. We will then arrange to speak to you to answer any questions that you may have.
- What we need
Any information that we ask you to provide will be dependent on what you have asked, or instructed, us to address on your behalf.
Under the GDPR (General Data Protection Regulations) 2018 there are two types of personal data (personal information) that you may provide to us:
- Personal data: is the general information that you supply about yourself – such as your name, address, gender, date of birth & contact details.
- Sensitive personal data: is, by its nature, more sensitive information. It may include your racial or ethnic origin, religion, health or criminal convictions. It may also include other personal and financial details relevant to your matter.
The nature of the services that we provide regularly require us to hold and use sensitive personal data in the furtherance of your matter. We ask for your specific permission to do so in our letter of engagement.
- Sources of information
We may obtain information about you from a range of sources. These would include:
- Information provided by you (or by a named representative)
- Information provided by third parties to allow us to undertake legal work on your behalf, such as
- Banks / building societies
- Experts and independent financial advisors
- Solicitors acting for the other side
- Medical or financial institutions
- Why we need your data
The central reason for us asking you to provide us with your personal data is so that we can deliver our services to you in accordance with your instructions and our regulatory duties.
Examples of what we use your information for include:
- Verifying your identity and the source of funds (including anti money laundering checks)
- Liaising and communicating with you
- Delivering our services to you, including providing advice, preparing documentation and representation in proceedings
- Keeping financial records of transactions
- Obtaining advice from third parties including both legal and non-legal experts
- Responding to any complaint or allegation of negligence
This list is not exhaustive and is intended to be indicative only.
- Who has access to your data
We will not sell or rent your information to third parties. Nor will we share your information with third parties for marketing purposes.
Typically your information will only be used within our firm for delivering our services to you, staff training and development.
We may also have occasions where, in the course of delivering our legal services to you, we are required to disclose information to third parties. Examples of this would include:
- The Legal Aid Agency
- Courts or other alternative dispute resolution process providers
- Communications with the solicitor for the other side
- Instructing a Barrister or Counsel on your behalf
- Dealings with other legal and non-legal third parties in the furtherance of your matter
- If disclosure is required by law or regulation, for instance the prevention of financial crime and terrorism
- If there is an emergency and we believe that you , or others, may be at risk
Where we do need to share your information with third parties we do so on the basis that they comply strictly and confidentially with our instructions and that they do not use your personal information for their own purposes (unless you have specifically consented to them doing so).
Occasionally, some uses of personal data may require your specific consent. If this is the case we will contact you separately to ask for your consent that you are free to withdraw at any time.
We also have Information Management and Data Protection policies aimed at ensuring safe processing of all data.
- How do we protect your personal data
We appreciate how important your personal information is and it is critical to us that your data is protected while in our care.
We closely manage our IT and operational security to protect personally identifiable data from loss, misuse, alteration or unplanned destruction. We use a range of IT security solutions to support this including off site backups, data encryption, log in protection and anti malware or phishing software.
We manage as far as possible physical access to our offices and ensure hard copy files are kept in private areas of the office. We take our obligations seriously and staff are trained and aware of their confidentiality and data protection responsibilities. Both internal and external parties that we work with have agreed to confidentiality of all information either within their contracts or through the use of Non Disclosure Agreements.
- How long will we keep your data for
Personal information is held both in computer and manual files. It will be retained only for as long as is necessary, or as required by law, or as will be set out in any relevant contract with you.
We may hold personal data for differing lengths of time depending on the reason for doing so. For example:
- As long as is necessary to deliver our services to you and to avoid potential conflicts of interest in the future.
- Typically for a minimum of six years from the conclusion of your legal work in the event that we need to re-open your matter for any reason. In some matters certain documents and information may be kept for significantly longer.
- How we may use your details for legitimate business interests
Under the GDPR 2018 regulations we have the right to use your personal data for legitimate business interests. This might include:
- Anti money laundering and fraud prevention
- Managing network in IT security
- Data analysis and to improve our services
- Understanding trends in our sector
You have the right to object to this processing. Should you wish to do so please contact our Practice Manager via our main office number and email.
- What are your rights?
The GDPR (General Data Protection Regulations) 2018 entitle you to request a copy of your personal data. This is known as a “Subject Access Request”. If you wish to make such a request please do so in writing to our Practice Manager, or speak directly to the person in our firm who is dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the personal data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. This means that a Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.
You have the right to request that personal data that we hold on you is deleted or transferred to a third party and we have a duty to acknowledge these requests. They should be submitted in writing to our Practice Manager. However please note that our response will be subject to our other legal and regulatory duties and this may impact on our ability to comply fully with such requests.
- Complaints about the use of personal data
If you wish to raise a complaint with regards to the way that we have handled your personal data please contact our Practice Manager who can be contacted via email and our main office number. We will investigate any complaint or potential complaint in line with our Complaints Policy and will respond to you with the results of our investigation, along with any proposed remedial action, if appropriate.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).