We use your personal data to provide legal advice and related services (including marketing communications, where you have requested them), manage our business, recruit new staff, comply with our legal obligations, and improve and monitor the performance of our digital platforms
We may add your personal data to our contact database if you are a client or prospective client
We have measures in place to safeguard your personal data if we are required to transfer it outside the European Union
We take steps to minimise the amount of personal data we hold about you and to keep it secure
We delete your personal data when we no longer need it, and we have policies in place to govern these arrangements
You have a number of rights in relation to your personal data
We are happy to answer your questions about any of the above – please send them to enquiries@WendyHopkins.co.uk
For further details about how we process your personal data you can read the appropriate Privacy Notices below:
This notice explains how and why your personal data is processed by Wendy Hopkins Family Law Practice (also referred to as “we”, “ our” and “us”) when we provide you with legal and related services, when you use our website, and when we send you marketing communications.
Wendy Hopkins Family Law Practice is a "controller" in relation to its use of your personal data. This is a legal term – it means that we make decisions about how and why we use your personal data and, because of this, we are responsible for making sure it is used in accordance with applicable data protection laws.
In this notice, when we talk about personal data we mean any information that relates to an identifiable natural person – in this case, you.
You should read this notice, so you know what personal data we collect about you, what we do with it and how you can exercise your rights in connection with it. You should also read any other privacy notices that we give you that might apply to our use of your personal data in specific circumstances from time to time. If you have any questions about this notice, please contact our data controller THughes@WendyHopkins.co.uk
The personal information we process about you broadly falls into five main categories:  Contact Information;  Identity and Other Regulatory Information;  Matter and Billing Information;  Marketing Preferences; and  Browsing and Device Usage Information.
We collect your personal information from various sources. The summary below sets out the different types of personal information that we collect and the sources we collect it from.
Please be aware that if you do not provide us with your Contact Information we may not be able to provide you with any information you request, and if you do not provide us with your Contact Information, Identity and Other Regulatory Information or certain Matter and Billing Information, we will not be able to act for you.
What do we do with your personal data, and why?
We use your personal data for a number of different purposes. We must always have a “lawful basis” [namely, a reason, prescribed by law] for processing your personal data. The Personal data summary below explains the purposes for which we process the different categories of your personal data and the corresponding lawful basis for that processing.
We also process certain special categories of personal data [including details relating to your health when you visit our premises] and information relating to your criminal record where applicable, which require a higher standard of protection under applicable laws. For these special categories of personal data, different lawful bases apply. The Special categories of personal data purposes table below sets out the different purposes for which we process special categories of personal data about you and the relevant lawful basis on which we rely for that processing. For some processing activities, we consider that more than one legal basis may be relevant – depending on the circumstances. We also have policies in place explaining our procedures for ensuring compliance with applicable laws in connection with the processing of special categories of personal data.
Cookies and similar technologies
Who do we share your personal data with, and why?
Sometimes we share your personal data with third parties where permitted by law, including the following:
· other companies when it is necessary for us to provide you with multi-jurisdictional legal advice.
· barristers, other law firms and courts, as applicable in the context of the legal services we provide to you;
· courts and other judicial or official bodies, where we are asked to respond to an order or other binding requests
· regulatory bodies and law enforcement agencies, where necessary for any investigations or to respond to enquiries in relation to our compliance with applicable law or regulations or in connection with criminal investigations, or where otherwise permitted or required by applicable law; and
· professional advisors (such as third-party law firms and accountants) and other third parties in connection with our legitimate business activities.
These organisations may use your personal data as a “controller” – they will have their own privacy notices which you should read, and they have their own responsibilities to comply with applicable data protection laws.
We also ask third party service providers to carry out certain business functions for us. These include:
· IT support, cloud platform and data hosting providers who help us with the operation of our websites, mobile applications, data rooms, document and workflow management systems and other systems and applications;
· third party debt recovery organisations where we need to recover any money owed to us;
· marketing service providers, including companies who send out surveys and marketing communications on our behalf; and
· survey providers who help collate client feedback for us.
We will have in place an agreement with our service providers which will restrict how they are able to process your personal data and impose appropriate security standards on them.
Where is your personal data transferred to?
We may occasionally need to transfer your personal data to recipients in jurisdictions other than your own. Some of these jurisdictions may not provide the same level of protection to your personal data as provided in your jurisdiction. If we transfer your personal data outside the European Union, we will only make that transfer if:
· that country ensures an adequate level of protection for your personal data;
· the recipient or recipient country is subject to an approved certification mechanism or code of conduct with binding and enforceable commitments which amount to appropriate safeguards for your personal data – this includes for example, the EU-US Privacy Shield which enables the secure transfer of personal data to the United States;
· we have put in place appropriate safeguards to protect your personal data, such as a contract with the person or entity receiving your personal data which incorporates specific provisions as directed by the European Commission;
· the transfer is permitted by applicable laws; or
· you explicitly consent to the transfer.
How do we keep your personal data secure?
We will put in place appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
However please note that, in relation to any personal data you submit to us online, we cannot guarantee the security of data sent to us in this way. Transmission of data over the internet is at your own risk.
How long do we keep your personal data for?
We will only retain your personal data for a limited period of time [normally, for seven years], and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:
· any laws or regulations that we are required to follow;
· whether we are in a legal or other type of dispute with each other or any third party;
· the type of information that we hold about you; and
· whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
What are your privacy rights and how can you exercise them?
Where our processing of your personal data is based on your consent you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.
Where our processing of your personal data is based on the legitimate interests’ lawful basis you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.
Depending on the circumstances, you may have the right to:
· access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the recipients or categories of recipient to whom it is disclosed and the period for which it will be stored;
· require us to correct any inaccuracies in your personal data without undue delay;
· require us to erase your personal data;
· require us to restrict processing of your personal data;
· receive the personal data which you have provided to us, in a machine-readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us and where the processing is automated; and
Please contact us at THughes@WendyHopkins.co.uk if you would like to exercise any of your privacy rights.
We also encourage you to let us know if you have any concern about how we are processing your personal data so we can try to resolve your concerns. However, if you consider that we are in breach of our obligations under data protection laws, you are always entitled to submit a complaint to the Information Commissioner’s Office which enforces data protection laws at: https://ico.org.uk/
Purposes for processing personal data
Purposes for processing special categories of personal data