Grey-Smith Legal respects your privacy and is committed to protecting your personal data. This privacy notice explains how we look after your personal data when you visit our website and advises you of your privacy rights and you are protected by the law.
PURPOSE OF THIS PRIVACY NOTICE
This privacy notice gives you information on how we collect and process your personal data through your use of our website. This includes data which you provide through our website when making an enquiry or purchasing a product or service.
Our website is not intended for children and we do not knowingly collect data which relates to any person under the age of 18.
Grey-Smith Legal is the data controller and is responsible for your personal data (referred to as “Grey-Smith Legal”, “we”, “us” or “our” in this privacy notice). Our registered office address is Exchange Building, 66 Church Street, Hartlepool, TS24 7DN. Our Head Office address is 3-4 Birdwells Court, Skelton Industrial Estate, Skelton-in-Cleveland, Saltburn-by-the-Sea, TS12 2LQ.
Dale Smith is our Data Protection Officer and is responsible for any queries in relation to this privacy notice. If you have any questions, including any requests to exercise your legal rights, please contact Dale using the following details.
3-4 Birdwells Court
Skelton Industrial Estate
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), which is the supervisory authority for data protection issues in the United Kingdom (www.ico.org.uk). We would, however, be most grateful to be first given the opportunity to deal with your concerns so please do contact us directly initially.
CHANGES TO THE PRIVACY NOTICE
This notice was last updated on 4th June 2020.
YOUR DUTY TO INFORM US OF ANY CHANGES
It is important that we ensure that the personal data we hold about you is both up to date and accurate. Please therefore ensure that you let us know if your personal data changes at any time during your relationship with us.
Personal data (or personal information) is information about an individual which can identify them. It does not include anonymous data.
Grey-Smith Legal may collect, use, store and transfer different kinds of personal data about you, such as:
Identity – including your title, first name, middle name, surname, maiden name, username, date of birth, gender and marital status.
Contact information – including your home address, contact telephone number(s) and email address(es).
Technical data – including your IP address, login information, technology on any devices used by you to access our website, operating system and browser type and version.
Profile data – including your username, password, preferences, purchases/orders which you have made and feedback given.
Usage data – including information regarding your use of our website and services.
Financial data – including your bank account and payment card details.
Transaction data – including details of payments to you, payments from you and details of services which you have received from us and paid us for.
Marketing data – your preferences for the way you receive marketing from us and third parties.
Communications data – your preferences as to how you receive communications from us.
FAILURE TO PROVIDE YOUR PERSONAL DATA
There are instances where we will need to collect your personal data, for example under the terms of a contract we have with you, or by law. If you do not provide that data when requested, this may result in us not being able to perform the contract we have with you, or are trying to enter into with you. If this does occur, we may have to cancel a service you have with us. We will notify you if this is the case.
DATA COLLECTION METHODS
The following are methods which we use to collect data about you:
Direct interactions – You may give us your identity documents, contact details and financial data by completion forms for us, or by corresponding with us by post, telephone or email. This could include personal data which you provide when you instruct us to provide our services, enter a promotion or survey or complete a feedback questionnaire.
Automated interactions – When you interact with our website we may automatically collect Technical Data about the equipment you use, and browsing actions and patterns. This personal data is collected using cookies, server logs and other similar technologies.
Third parties or publicly available sources. We may receive personal data about you from third parties and public sources, such as Google.
USE OF YOUR PERSONAL DATA
We will use your personal data in the following circumstances (when the law permits us to):
To enable us to perform the contract we have, or are about to, enter into with you.
Where we need to comply with the law or a regulatory obligation.
Where use of the data is necessary for our, or a third party’s legitimate interests, as long as and your interests and fundamental rights do not override these.
PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA
We will use your personal data to register you as a new client, provide our services to you, to manage our relationship with you, to ask that you complete surveys for us, to administer our business and website, to deliver relevant material to you, to improve our services, and to recommend services to you which we believe may be useful to you (marketing). You will receive marketing communications from us if you have requested information from us, used our services, or provided us with your details when registering for a promotion and did not ‘opt out’ of receiving marketing.
We will only use your personal data for the purposes which we collected it, unless we reasonably consider that we need to use it for another compatible reason. You can contact us if you require an explanation as to how the new purpose is compatible with the original purpose.
If we need to use your personal data for purpose which is not related to the original purpose we will notify you give you an explanation of the legal basis which allows us to do so.
We also collect Aggregated Data such as statistical or demographic data for any purpose, and use and share it. This may be derived from your personal data but is not treated as personal data by the law as it does not reveal your identity in any way. As an example, we may aggregate your Usage Data to help us to calculate the percentage of our website users who are accessing a specific website feature.
However, if we combine any Aggregated Data with your personal data meaning that it could identify you, either directly or indirectly, then this combined data is treated as personal data and therefore used in accordance with this privacy notice.
We will obtain your express consent before we share your personal data with any other company for marketing purposes. You can opt-out at any time by contacting us.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
DISCLOSURE OF YOUR PERSONAL DATA
We may have to share your personal data with the external third parties, for example those providing IT services and systems to us.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not transfer your personal data outside the European Economic Area (EEA).
We have taken appropriate security measures to avoid your personal data being accidentally lost, altered, used or accessed in an unauthorised way or disclosed. We limit access to your personal data to only those employees, agents, contractors and other third parties who have a business need to access it. These persons will only access/process your personal data on our instructions and are subject to a duty of confidentiality.
We have put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it (including the satisfaction of any legal, accounting, or reporting requirements).
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
YOUR LEGAL RIGHTS
You have rights under data protection laws in relation to your personal data. You may:
Ask us for access to your personal data.
Ask us to correct your personal data.
Ask us to delete of your personal data.
Object to the processing of your personal data.
Ask us to restrict the processing of your personal data.
Ask us to transfer of your personal data.
Withdraw your consent.
No fee will usually be required for you to exercise these rights, however we may charge a reasonable fee if we believe that your request is repetitive, excessive or unfounded.
WHAT WE MAY NEED FROM YOU
We may need to ask you for certain information from you to help us confirm your identity for the purpose of exercising your rights relating the exercise any of your rights. This is a necessary security measure which we have put in place to ensure that your personal data is not disclosed to a person who does not have the right to receive it. We may also ask you for further information relating to your request to enable us to provide a faster response.
We aim to respond to all legitimate requests within one month. If your request is particularly complex or you have made a number of requests then it may take us longer to process your request. We will always notify you and keep you updated as to timescales.