Privacy Notice

All personal information provided by you will be treated in accordance with the Data Protection Act 2018 and the EU GDPR 2018 or UK GDPR 2021 depending on where the information is processed.

Personal data is information which directly or indirectly identifies you. We at Pengillys LLP are committed to processing your personal data in accordance with UK and EU Data Protection laws. For the purpose of UK and EU Data Protection laws, Pengillys LLP is the data controller and is a registered data controller under ICO registration number Z5385444.

It may be necessary for you to give us personal data so that we can provide you with the requested services, fulfil any contractual relationship with you, inform you of our services, comply with applicable laws, regulations and/or codes of practice, and for other purposes as set out in this notice where in our legitimate interests.

Collecting Your Personal Data

We may collect your personal data in a number of ways, including from:

a. You, for example when you:

i. Apply for and use our services.
ii. Call us or make an enquiry via our website
iii. Enter into any agreement with us, including employment contracts
iv. Contact and interact with us , including via using our website
v. Ask us to contact you, including via the exchange of business cards with a member of the firm
vi. Attend events.
vii. participate in surveys.
b. Someone else may share your personal data with us, for example:

i. Within the course acting on a conveyancing transaction.
ii. Administering an estate.
iii. Conducting litigation on your behalf or the like.
c. Third parties, such as:

i. Credit reference agencies.
ii. Fraud prevention agencies.
d. Public sources, for example:

i. Companies House.

What Personal Data We Collect

Types of information we may collect include your personal details, e.g. date of birth, contact details, nationality, tax details, employment details, regulatory history.

Other personal information as required, e.g. as part of litigation in which you may have asked us to represent you.

Financial information, e.g. income and outgoings, assets and liabilities, bank details, account information and history, account activity, credit history and information, share holdings.

Information we have from our dealings with you or from anyone acting on your behalf, e.g. records of telephone calls, records of our interactions/correspondence with you, details of your transactions.

Sensitive personal data including but not limited to the following: religious belief, sexual orientation. (We will only collect this with your explicit consent, or where the processing is specifically authorised by a regulatory body, or required by law/legal process.)

If you give us personal data about someone else you should have a lawful basis for doing so, e.g. you have their consent to share personal data with us. Where applicable, you should ensure that they read this Privacy Notice and understand how we will use and disclosure their information, in the ways described in this Privacy Notice.

How We May Use Your Personal Data

We collect your personal data or information to operate the firm effectively and provide you with a high-quality service. We may use your information:

  • To deliver legal services to you on your instruction.
  • To answer enquiries that you make prior to any formal instruction.
  • To avoid any conflict of interest as we represent you
  • To process a job application
  • To fulfil our obligations as an employer
  • To provide benefits to you as an employee
  • To adhere to regulations set out by the Solicitors Regulatory Authority
  • To adhere to quality standards as set out under the Lexcel Standard.
  • To maintain security of our office and IT infrastructure
  • To invoice you, and to track payments you make or payments made to you

We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the firm, our contractual requirements to deliver the agreed legal services to you, and our legal obligations, both as a limited company and responsible employer. If we represent you in a criminal case, we will collect information about the alleged offences and any related criminal history. Where we process sensitive personal information in the course of these and other similar cases, we do so to assist you and/or your organisation to establish, exercise or defend legal claims.

We may disclose certain personal data as follows:

a. To Courts, tribunals, mediators, governmental and non-governmental agencies, regulators and ombudsmen.
b. To law enforcement agencies.
c. To any relevant third party in the course of an acquisition, sale, transfer, re-organisation or merger of parts of our business or our assets.
d. To any relevant third party in the course of an acquisition, sale, transfer, re-organisation or merger of parts of our business or our assets.
e. In the course of conveyancing we follow the Law Society Protocol which encourages communication with all parties involved including but not limited to estate agents, mortgage brokers; conveyancing practitioners; HMRC and the Land Registry and other statutory bodies.
f. In the course of probate we will need to will need to contact many third parties who will need to have relevant personal data (eg but not limited to) banks or other financial institutions; utility companies; the press; financial advisors; estate agents; the Probate Registry; HMRC; the Land Registry; other solicitors; charities; beneficiaries and a range of third parties in particular to assist in the administration of an estate.
g. In the course of contentious matters we follow the procedure prescribed by the court or in various protocols. Invariably this requires disclosure of relevant personal data which can include sensitive data. Examples of this include in Family cases where a range of personal data and at times sensitive personal data will need to be given to the court; CAFCASS; CYPS; exchanged or provided to the other party/ parties (occasionally including medical records in certain cases); in Employment cases similarly personal data will need to be shared with the court and other party/parties to the case and on occasion this can include sensitive personal data; in Civil Litigation cases (eg personal injury claims), personal data and at times sensitive data will need to be disclosed to the other party/parties as part of pre action protocol; at mediation/ADR; and certainly within the course of court proceedings. Frequently in all such cases experts may be used and will need relevant personal data in order to prepare their report/s.
h. As required or permitted by law or regulation, where we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property or safety of Pengillys LLP, our clients or others.
i. To credit reference agencies (CRAs).
j. To fraud prevention agencies (FPAs).

You may ask us for details of the CRAs and FPAs which we have used for your searches. If there are any errors in the information we hold about you, please tell us so that we can correct information we hold about you.
k. As part of our Lexcel accreditation and professional auditing process generally, your file may be selected for inspection. We do this on the basis of legitimate interests; if you wish to object, please contact us on the details below. Objecting will not affect the service you receive from us.

We do not sell or rent your personal data or information to any third party or share your information with third parties for their marketing purposes. If you would like to know more, please read below:

  • Clients
  • Prospective Clients
  • Job Applicants, Our Current and Former Employees
  • Suppliers

Clients

As a client, we will hold the following information about you

  • Name, date of birth, and contact information.
  • National insurance number
  • Information relating to your legal matter
  • Financial details
  • Demographic information such as postcode
  • Information and documents relating to the service we are providing, including communications with you.
  • Billing and payment information.

We store your information on our secure servers based in the UK. We also hold paper copies of your information in the client matter files, stored in our Weymouth and Poundbury offices, and in a secure, offsite storage archive.

We will retain your client matter file for the duration of our relationship with you, then for a minimum of 7 years after, and a maximum of 12 years, if required for audit purposes. We will retain financial records for 6 years, following the end of the current financial year.

Prospective Clients

As a prospective client, we may hold the following information about you:

  • Name, date of birth, and contact information.
  • National insurance number
  • Brief information relating to your legal matter
  • Demographic information such as postcode
  • Signposting information we may have provided to you if we are unable to provide you with a service

We store your information on our secure servers based in the UK. Communications with you relating to your initial enquiry may also be stored in our email system for a period of 6 months. We will retain minimal personal information about you to enable us to conduct conflict of interest checks as required by the Solicitors Regulatory Authority. If you do not instruct us, we will retain details relating to your enquiry for a maximum of 2 years.

Job Applicants

When you apply for a job with us, we may hold the following information about you:

  • Name, date of birth, and contact information.
  • Information relating to your qualifications and experience
  • Demographic information such as postcode
  • References where we take them up
  • Information and documents relating to the review, interview and selection process, including communications with you.

We store your information on our secure servers in the UK and in hard copy in a secure filing cabinet in the office. We will retain your personal data relating to the review, interview and selection process for a period of 6 months after the interview date.

Current and Former Employees

When you work for us, we may hold the following information about you:

  • Name, date of birth, and contact information
  • National insurance number and Unique Tax Reference (UTR)
  • Information relating to your qualifications and experience
  • Demographic information such as postcode
  • Information and documents relating to your performance and supervision as an employee of the firm, including communications with you
  • Your photograph, including Passport and Driving Licence
  • Financial information, such as bank details, pension scheme and salary details
  • Information about your next of kin
  • Health information

We store your information on our secure servers based in the UK, and in hard copy in a secure filing cabinet in the office. We will also store communications with you on our email server, based in the UK. We will retain your personal data for the duration of your employment and for a period of 7 years after you leave the firm. Beyond this point, we only retain minimal information about you to confirm the period of time you were employed by the firm for reference purposes. We share your information with HMRC, and our chosen pension / benefits providers.

Suppliers

When you work with the firm as a supplier, we may hold the following information about you:

  • Name and business contact information.
  • Information relating to your qualifications and experience, if relevant
  • Demographic information such as postcode
  • Information relating to your business activities
  • Information and documents relating to the services or products you offer, including our communications with you.
  • Financial information

We store your information in hard copy in the accounts department. We will also store communications with you on our email server, based in the UK. We will retain your information for the duration of our relationship with you and for 7 years after the last purchase we made with you.

Transfer of Personal Data Outside the European Economic Area (EEA)

We may transfer your personal data to recipients who may carry out services on our behalf, or in accordance with your request, or to fulfil your instructions, located in countries outside of the EEA. If we transfer your personal data to such a country, we will take all necessary steps to ensure your data is protected to an equivalent standard as within the EEA.

Your Rights

You have the following rights:

  • The right to be informed, which is what this privacy policy is for
  • The right to access the data we hold about you
  • The right to object to direct marketing
  • The right to object to processing carried out on the basis of legitimate interests
  • The right to erasure (in some circumstances)
  • The right to data portability
  • The right to have your data rectified if it is inaccurate
  • The right to have your data restricted or blocked from processing

If you wish to exercise any of these rights or withdraw consent to use your personal data, you should contact the Data Protection Manager as described below. You also have the right to lodge a complaint about the processing of your personal data with your local Data Protection Supervisory Authority (in the UK the Information Commissioner’s Office).

Visitors to our Website – Cookies

Cookies are small text files that are placed on your computer by websites that you visit.  They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.  pengillys.co.uk does not currently use Cookies.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. pengillys.co.uk does not currently use Cookies.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Contacting us via email

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Marketing

We may contact you periodically to provide information regarding events, products, services and content that may be of interest to you, and to invite you to participate in market research.

If applicable law requires we receive your consent before we send you certain types of marketing communications, we will only send you those types of communications after receiving your consent. Where this information is provided electronically we may track your response, eg with which e-mails you open.

If you wish to stop receiving marketing or marketing research communications from Pengillys LLP, please simply inform the person with conduct of your case, or contact the IT Principal as described below.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.

Changes to this Privacy Notice

We may revise or supplement our Privacy Notice from time to time to reflect, for example, any changes in our business, law, markets, or the introduction of any new technology.

 

Enquiries, Requests or Concerns

All enquiries, requests or concerns regarding this Notice or relating to the processing of personal data should be sent to John Walkington, Data Protection Manager, Pengillys LLP, 67 St Thomas Street, Weymouth, Dorset, DT4 8HB, or e-mail contact@pengillys.co.uk

    Make an enquiry