|Last Revised: May 21, 2018|
This notice explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure. For clients of this firm, you should read this notice alongside our general terms and conditions which provide further information on confidentiality, data privacy etc. This notice does not apply to any website that may have a link to ours.
The Oliver Fisher Solicitors Partnership cares about your privacy. For this reason we collect and process personal data (as a ‘data controller’) only as it might be needed for us to deliver to you our services (our “Services”). Our Data Protection Officer is Arman Khosravi who can be contacted at email@example.com.
The exact information that we may request from you will depend on what you have asked us to do or what we are contracted to do for you.
There are two types of personal data (personal information) that you may provide to us:
- Personal data: is the general information that you supply about yourself – such sa your name, address, date of birth contact details, financial information etc.
- Sensitive personal data: is, by its nature, more sensitive information and may include your racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical view, bio-metric and genetic data
In the majority of cases personal data will be restricted to basic information and information needed to complete ID check,however, some of the work we do may require us to ask for more sensitive information.
If at any time you have questions about our practices or any of your rights described below, you may reach our Data Protection Officer (“DPO”) by contacting us at firstname.lastname@example.org This inbox is actively monitored and managed so that we can deliver an experience that you can confidently trust.
How we collect information/ sources?
We collect information so that we can provide the best possible experience when you utilize our Services. Much of what you likely consider personal data is collected directly from you and perhaps a number of sources:
- You may volunteer information about yourself;
- You may provide information relating to someone else – if you have the authority to do so;
- Information may be passed to us by third parties in order that we can undertake your legal work on your behalf. Typically these organisations can be, banks, building societies, panel provdiers who allocate legal work to law firms, organisations that have referred work to us, medical or financial institutions – who provide your personal records / information.
However, we also collect additional information when delivering our Services to you to ensure necessary and optimal performance. These methods of collection may not be as obvious to you, so we wanted to highlight and explain below a bit more about what these might be (as they vary from time to time) and how they work.
Cookies and similar technologies on our websites and our mobile website allow us to track your browsing behavior, links clicked, items purchased, your device type, and to collect various data, including analytics, about how you use and interact with our Services. This allows us to provide you with more relevant product offerings, a better experience on our sites and mobile applications, and to collect, analyze and improve the performance of our Services. We may also collect your location (IP address) so that we can personalize our Services.
Data about Usage of Services is automatically collected when you use and interact with our Services, including metadata, log files, cookie/device IDs and location information. This information includes specific data about your interactions with the features, content and links (including those of third-parties, such as social media plugins) contained within the Services, Internet Protocol (IP) address, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data, information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and error data, and some of this data collected might be capable of and be used to approximate your location.
Supplemented Data may be received about you from other sources, including publicly available databases or third parties from whom we have purchased data, in which case we may combine this data with information we already have about you so that we can update, expand and analyze the accuracy of our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Why we need your data?
The primary reason for asking your to provide us with your personal data, is to allow us to carry out your requests – which will ordinarily be to represent you and carry out your legal work.
The following are some examples, although not exhaustive, of what we may use your information for:
- Verifying your identity;
- Verifying source of funds;
- Communicating with you;
- To establish funding of your matter or transaction;
- Obtaining insurance policies on your behalf;
- Processing your legal transaction including: providing you with advice;carrying out litigation on your behalf; attending hearings on your behalf; preparing documents or to complete transactions;
- Keeping financial records of your transactions and the transactions we make on your behalf;
- Seeking advice from third parties; such as legal and non-legal experts;
- Responding to any complaint or allegation of negligence against us.
Who has access to it?
We have a data protection regime in place to oversee the effective and secure processing of your personal data. We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
Generally, we will only use your information within Oliver Fisher Solicitors. However there may be circumstances, in carrying out your legal work, where we may need to disclose some information to third parties; for example:
- HM Land Registry to register a property
- HM Revenue & Customs; e.g. for Stamp Duty Liability
- Court or Tribunal
- Solicitors acting on the other side
- Asking an independent Barrister or Counsel for advice; or to represent you
- Non legal experts to obtain advice or assistance
- Translation Agencies
- Contracted Suppliers
- External auditors or our Regulator; e.g. Lexcel, SRA, ICO etc.
- Bank or Building Society; or other financial institutions
- Insurance Companies
- Providers of identity verification
- Any disclosure required by law or regulation; such as the prevention of financial crime and terrorism
- If there is an emergency and we think you or others are at risk
In the event any of your information is shared with the aforementioned third parties, we ensure that they comply, strictly and confidentially, with our instructions and they do not use your personal information for their own purposes unless you have explicitly consented to them doing so.
There may be some uses of personal data that may require your specific consent. If this is the case we will contact you separately to ask for your consent which you are free to withdraw at any time.
How do we protect your personal data?
We recognise that your information is valuable and we take all reasonable measures to protect it whilst it is in our care.
We have exceptional standards of technology and operational security in order to protect personally identifiable data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations and both internal and external parties have agreed to protect confidentiality of all information; to ensure all personal data is handled and processed in line with our stringent confidentiality and data protection policies.
We use computer safeguards such as firewalls and data encryption and annual penetration testing; and we enforce, where possible, physical access controls to our buildings and files to keep data safe.
How long will we keep it for?
Your personal information will be retained, usually in computer or manual files, only for as long as necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
- As long as necessary to carry out your legal work
- For a minimum of 6 years from the conclusion or closure of your legal work; in case you, or we, need to re-open your case for the purpose of defending complaints or claims against us
- For the duration of a trust
- Some information or matters may be kept for 16 years – such as commercial transactions, sales of leasehold purchases, matrimonial matters (financial orders or maintenance agreements etc.)
- Probate matters where there is a surviving spouse or civil partner may be retained until the survivor has died in order to deal with the transferable Inheritance Tax allowance
- Wills and related documents may be kept indefinitely
- Deeds related to unregistered property may be kept indefinitely as they evidence ownership
- Personal injury matters which involve lifetime awards or PI Trusts may be kept indefinitely
What are your rights?
Under GDPR, you are entitled to acess your personal data (otherwise known as a ‘right to access’). If you wish to make a request, please do so in writing addressed to our Data Protection Officer Arman Khosravi; or contact the person dealing with your matter.
A request for access to your personal data means you are entitled to a copy of the data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc.- but it does not mean you are entitled to the documents that contain this data.
Under certain circumstances, in addition to the entitlement to ‘access your data’, you have the following rights:
- The right to be informed: which is fulfilled by way of this privacy notice and our transparent explanation as to how we use your personal data
- The right to rectification: you are entitled to have personal data rectified if it is inaccurate or incomplete
- The right to erasure / ‘right to be forgotten’: you have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing. This right only applies in the following specific circumstances:
- Where the personal data is no longer necessary in regards to the purpose for which it was originally collected
- Where consent is relied upon as the lawful basis for holding your data and you withdraw your consent
- Where you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal data was unlawfully processed
- Where you object to the processing for direct marketing purposes
- The right to object: you have the right to object to processing based on legitimate interests; and direct marketing. This right only applies in the following circumstances:
- An objection to stop processing personal data for direct marketing purposes is absolute – there are no exemptions or grounds to refuse – we must stop processing in this context
- You must have an objection on grounds relating to your particular situation
- We must stop processing your personal data unless:
- We can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms; or
- The processing is for the establishment, exercise or defence of legal claims.
- The right to restrict processing: you have the right to request the restriction or suppression of your data. When processing is restricted, we can store the data but not use it. This right only applies in the following circumstances:
- Where you contest the accuracy of the personal data – we should restrict the processing until we have verified the accuracy of that data
- Where you object to the processing (where it was necessary for the performance of a public interest or purpose of legitimate interests), and we are considering whether our organisation’s legitimate grounds override your right
- Where processing is unlawful and you request restriction
- If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim
Complaints about the use of personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate further. Our Data Protection Officer is Arman Khosravi and you can contact them at email@example.com
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
How we collect personal data?
The following are examples, although not exhaustive, of how we collect your personal information:
- Sign-up to receive one of our newsletters
- Submitting an online enquiry
- Following/liking/subscribing to our social media channels
- Take part in one of the competitions or promotions we run on the website or on our social media channels
- Agree to fill in a questionnaire or survey on our website
- Ask us a question or submit any queries or concerns you have via email or on social media channels
- Post information to the our website or social media channels, for example when we offer the option for you to comment on, or join, discussions
- When you leave a review about us on Trustpilot.com or Google Reviews
Whenever we collect your personal data, you will be provided the opportunity to ‘opt in’ to receiving marketing communications from us. We hope you will provide this information so you find our communications useful but if you choose not to this will have no effect on accessing our legal services.
Oliver Fisher handles enquires at different stages and we group those enquiries in three main ways. We will take the following steps in each instance:
Prospects: Consent will need to be recorded before being added to marketing campaigns.
Fixed fee clients: Legitimate interest will be the legal basis. Relevant marketing communication by email will be sent during the case and once the case has been closed. Clients have the option to exclude themselves from marketing by clicking on the unsubscribe link on all of our emails, on the telephone when speaking to an advisor or contacting Oliver Fisher through email or on social media.
Retainer clients: Legitimate interest will be the legal basis. Relevant marketing communication by email will be sent during the case and once the case has been closed. Clients have the option to exclude themselves from marketing by clicking on the unsubscribe link on all of our emails, on the telephone when speaking to an advisor or contacting Oliver Fisher through email or on social media.
Any contacts who have not engaged by opening an email over a period of 6 months will be removed from marketing communications.
How we may use your details
The following are examples, although not exhaustive, of how we may use your personal information for our legitimate business interests:
- fraud prevention
- direct marketing
- network and information systems security
- data /analytics /enhancing, modifying or improving our services
- identifying usage trends
- determining the effectiveness of promotional campaigns and advertising.
We may use your personal information for legitimate interests such as direct marketing or under reasonable expectation to provide you with information you would expect to receive or that would benefit and enhance our relationship. This information will help us review and improve our products, services and offers.
How we protect your personal information
We will only ever use non sensitive personal information to target individuals with marketing materials; such as name, address, telephone, email, job description and previous buying behaviours. Sensitive information or specific details will never be used to target marketing communications. We may use personalisation to collect analytics to inform marketing and produce relevant content for the marketing strategy to enable it to enhance and personalise the “consumer experience”.
If you do not wish us to continue to contact you in this way, you can either follow the unsubscribe instructions on any of our communications to you or contact us by emailing firstname.lastname@example.org with your name and email address. Your details will be removed immediately. Once unsubscribed, you may still receive transactional emails from us regarding your legal case.
We strongly believe in both minimizing the data we collect and limiting its use and purpose to only that (1) for which we have been given permission, (2) as necessary to deliver the Services you purchase or interact with, or (3) as we might be required or permitted for legal compliance or other lawful purposes. These uses include:
Delivering, improving, updating and enhancing the Services we provide to you. We collect various information relating to your purchase, use and/or interactions with our Services. We utilise this information to:
- Improve and optimise the operation and performance of our Services (again, including our websites and mobile applications)
- Diagnose problems with and identify any security risks, errors, or needed enhancements to the Services
- Detect and prevent fraud and abuse of our Services and systems
- Collecting aggregate statistics about use of the Services
- Understand and analyze how you use our Services and what products and services are most relevant to you.
Often, much of the data collected is aggregated or statistical data about how individuals use our Services, and is not linked to any personal data, but to the extent it is itself personal data, or is linked or linkable to personal data, we treat it accordingly.
Sharing with trusted third parties. We may share your personal data with third parties with which we have partnered to allow you to integrate their services into our own Services, and with trusted third party service providers as necessary for them to perform services on our behalf, such as:
- Processing credit card payments
- Conducting contests or surveys
- Performing analysis of our Services and customers demographics
- Communicating with you, such as by way of email or survey delivery
- Customer relationship management.
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilising, sharing or retaining your personal data for any purpose other than as they have been specifically contracted for (or without your consent).
Communicating with you. We may contact you directly or through a third party service provider regarding products or services you have signed up or purchased from us, such as necessary to deliver transactional or service related communications. We may also contact you with offers for additional services we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests. You don’t need to provide consent as a condition to purchase our goods or services. These contacts may include:
- Text (SMS) messages
- Telephone calls
- Automated phone calls or text messages.
Compliance with legal, regulatory and law enforcement requests. We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (such as subpoena requests), to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
Website analytics. We use multiple web analytics tools provided by service partners such as Google Analytics, MixPanel and Singular to collect information about how you interact with our website or mobile applications, including what pages you visit, what site you visited prior to visiting our website, how much time you spend on each page, what operating system and web browser you use and network and IP information. We use the information provided by these tools to improve our Services. These tools place persistent cookies in your browser to identify you as a unique user the next time you visit our website. Each cookie cannot be used by anyone other than the service provider (ex: Google for Google Analytics). The information collected from the cookie may be transmitted to and stored by these service partners on servers in a country other than the country in which you reside. Though information collected does not include personal data such as name, address, billing information, etc., the information collected is used and shared by these service providers in accordance with their individual privacy policies.
Targeted advertisements. Targeted ads or interest-based offers may be presented to you based on your activities on our webpages, and other websites, and based on the products you currently own. These offers will display as varying product banners presented to you while browsing. We also partner with third parties to manage our advertising on our webpages and other websites. Our third party partners may use technologies such as cookies to gather information about such activities in order to provide you with advertising based upon your browsing activities and interests, and to measure advertising effectiveness. To opt out of this please contact is at email@example.com
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our us (free of charge) at firstname.lastname@example.org.
How you can access, update or delete your data.
To easily access, view, update, delete or port your personal data (where available), or to update your subscription preferences, please call us or email
If you make a request to delete your personal data and that data is necessary for the products or services you have purchased, the request will be honored only to the extent it is no longer necessary for any Services purchased or required for our legitimate business purposes or legal or contractual record keeping requirements.
If you are unable for any reason to access your Account Settings or our Privacy Center, you may also contact us by one of the methods described in the “Contact Us” section below.
How we secure, store and retain your data.
We follow generally accepted standards to store and protect the personal data we collect, both during transmission and once received and stored, including utilization of encryption where appropriate.
We retain personal data only for as long as necessary to provide the Services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
- mandated by law, contract or similar obligations applicable to our business operations;
- for preserving, resolving, defending or enforcing our legal/contractual rights; or
- needed to maintain adequate and accurate business and financial records.
If you have any questions about the security or retention of your personal data, you can contact us at email@example.com.
‘Do Not Track’ notifications.
Some browsers allow you to automatically notify websites you visit not to track you using a “Do Not Track” signal. There is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” you may wish to visit www.allaboutdnt.com.
Our Services are available for purchase only for those over the age of 18. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 18. If you know of or have reason to believe anyone under the age of 18 has provided us with any personal data, please contact us.
Data Protection Authority.
If you are a resident of the European Economic Area (EEA) then we maintain your personal data subject to the General Data Protection Regulation (GDPR), you may direct questions or complaints to our lead supervisory authority, the UK’s Information Commissioner’s Office, as noted below:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Phone: 0303 123 1113
- By Mail: Attn: Arman Khosravi at Oliver Fisher Solicitors, 2nd Floor Astley House, 33 Notting Hill Gate, W11 3JQ
- By Phone: (0203) 219 0145.
We will respond to all requests, inquiries or concerns within thirty (30) days.