Effective date: 01/04/2020
United Legal Access takes data privacy and security seriously and we are committed to protecting your personal data in accordance with the Data Protection Act 2018.
How we collect your personal data
We collect personal data to provide our services, for legal and regulatory purposes and to manage the way United Legal Access operates.
Your personal data is collected when you voluntarily provide it to us or when it is provided to us by others. You may give us your personal data through our website when you submit a ticket and ask a legal question; by email; by telephone; by post or face to face at one of our advice drop-in clinics.
Types of data we collect
Personal contact details
Name, personal email address and post code.
We will usually ask for this to:
a) respond to you once your legal question has been answered;
b) inform you of services in your area that may be able to assist you further if we cannot deal with your matter or you require additional help
c) to conduct internal conflict checks
Your passport/ID and proof of address.
We will typically ask for this during the pre-hiring checks for volunteers and staff only.
Details about your civil legal issue
Your legal question; providing additional information where requested; submitted documents in support of your legal question / enquiry
We collect and hold information about your case or legal problem for purposes of providing advice and information.
Your activity on our websites
Including your IP address, details of the webpages you visit, articles you download and the website you came to us from.
These are collected through cookies and other electronic logs which are created when you visit our website. For further details, please refer to our separate cookies policy.
IT logs and online identifiers
Creating an online account, incoming and outgoing email, other communications records and other IT logs.
Our IT systems automatically filter email and instant messaging communications for viruses and compliance with our internal policies. Where appropriate and permitted by law, we will monitor such communications and logs to ensure compliance with applicable rules and law and our internal policies.
Use of your personal data
We will only use your personal data to provide you with legal advice, assistance and where appropriate, to refer you to external agencies and organizations within our network, who can assist you further and, in some cases, for representation. We will also use your data for reasons directly associated with those services, such as providing information to quality auditors.
Under the Data Protection Act 2018 which implements the General Data Protection Regulation 2016 (the “GDPR”) we are only permitted to hold and process your personal data for the following reasons:
As we will be holding your personal data to provide you with advice and assistance, this will form an agreement between you and us. This agreement is a contract and under the current UK data protection act, we are permitted to process your data for the for the purposes of performing a contract (or for the steps necessary to enter in to a contract).
Where it is necessary for the purposes of our or another party’s legitimate interests, except where these are overridden by your interests, rights or freedoms, we require your data. For example, to ensure compliance with our internal policies;
for general security and business continuity purposes; or to satisfy our external quality auditors or our Regulators.
In cases where we are processing your personal data on the basis of our legitimate interest, you have the right to ask us to stop processing the data, for reasons connected to your individual situation. We must then stop processing your data, unless we believe that we have a legitimate overriding reason to continue processing your personal data.
In situations where we identify that you require further assistance beyond what we can provide and suggest a referral to an appropriate service, agency or organisation, or where we recommend you be referred to a solicitor or law firm for additional assistance, we can collect and process your data with your consent.
When collecting your Personal Data, we will always make it clear to you, which data is necessary in connection with a particular service.
How we protect your data
We will hold your personal data securely in line with reasonable technical and organisational security measures to help protect personal data from unauthorised access, use, disclosure, alteration or destruction. Access to our virtual legal clinic, which holds your personal data via our online service, is password-protected. Only those with internal authorised access to IT log in details, will be able to access the data online.
How long we will keep your data
We will keep your personal data for as long as is necessary to fulfil the purpose for which the data was collected. This may be for up to 6 years after your case or matter ends with us in accordance with legal requirements.
Where we no longer require your personal data, we will take steps to delete or anonymise it so there is no longer an identifiable link.
Who do we share your personal data with?
At times we will need to share your personal data with selected and trusted third parties such as other advisers, solicitors, barristers, law firms; experts; translators; the company that securely hosts our off-site cloud storage servers; law enforcement, regulatory, public or quasi-governmental authority. We only do this where it is necessary for providing legal services or for the effective operation of our legal practice. We do not disclose (or sell) your personal data to any other third parties.
When we do share your personal data with the selected and trusted third parties mentioned above, to keep your data safe and to protect your privacy, we:
- Only provide the information they need for them to perform their specific services.
- Permit them to only use your personal data for the exact purposes which we have specified in our contract with them.
- Work closely with them to ensure that your privacy is respected and protected at all times and
- Should we stop using their services, we require that any data held by them which concerns you, will either be deleted or rendered anonymous.
Where is your personal data stored and processed?
Your personal data is stored and processed within the European Economic Area (EEA). The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may be required to transfer your personal data outside the EEA, but this is to ensure we can carry out our legal services to you. If you have any questions or concerns about this, you can make a written request to email@example.com.
When you visit our website, we may send a cookie to your computer. This is a small data file stored by your computer to ensure that our website functions as it should. It is also used to recognise you when you return to our website (for example, to remember your login details so that you do not need to re-enter them when you visit our site again) and to analyse how our website and online services are performing, so that we can understand how people arrive at and use our website and we therefore can tailor our website accordingly.
Under the GDPR and Data Protection Act 2018, you have the following privacy rights:
Right to be informed
Right of access
You can request copies of your personal data free of charge in most cases. These are known as Data Subject Access Requests (DSARs). Please see below for more information.
Right to rectification
If we hold any inaccurate, out-of-date or incomplete personal data about you, you can ask us to rectify or complete that information.
Right to restrict processing
You can ask us to restrict the processing of your personal data (or to suppress it) for a certain period of time. This right however, is not absolute and only applies in certain circumstances.
Right of data portability
You can ask us to move, copy or transfer your personal data back to you or to another person (in limited circumstances). This right only applies: (a) to personal data you have provided to us as a Data Controller; (b) where the processing is based on your consent or for the performance of a contract; and (c) when processing is carried out by automated means.
Right to object
At any time, you can request for us to stop processing your personal data for marketing purposes.
Where there are legitimate grounds to do so, you can also object to us processing your personal data on the basis of our legitimate interests and in certain other situations.
Right to withdraw consent
You can request at any time, that we stop any consent-based processing of your personal data after you withdraw that consent.
Rights in relation to automated decision-making and profiling
You have the right to: (a) ensure that any significant decisions affecting you are not made purely by automated means based on an online profile or other information (i.e. a person is involved in the decision-making), and (b) that you can express your views and to challenge the decision.
We are also under obligations to ensure that any profiling is undertaken in a fair and transparent way.
To exercise your rights and to make further enquiries regarding data privacy, please send a written request to firstname.lastname@example.org. We will respond to you within 30 days.
Please note that:
- We will need to verify your identity in order to be able to comply with your Data Subject Access Request (DSAR) with two forms of identification (e.g. passport, driver’s license). Upon satisfactory forms of ID, you will be notified and your DSAR will be processed.
- When making a DSAR please state how you would like the information to be given to you, either in electronic form or paper based with a return address. Please note the electronic format will contain a password which will also be given to you.
- When you request access to your personal data, there will be some personal data which we are not able to disclose to you, such as documents which include confidential or personal information about another entity or person; legally privileged documents; and internal management and financial information about us.
- We will not be able to comply with your request in certain circumstances, for example where your request is manifestly unfounded or excessive.
- If we choose not to action your request, we will explain to you the reasons for our refusal.
If we discover that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Supervisory Authority, The Information Commissioners Office (“ICO”) within 72 hours of discovery. We will record all data breaches regardless of their effect. We will also inform you if the breach affects you in accordance with the Data Protection Act 2018.
The Supervisory Authority
If you feel that your personal data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”).
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites).