Your personal data is data which by itself or together with data available to us may be used to identify you. We are Peterkin & Kidd, the Data Controller. This Data Protection Statement sets out how we will use your personal data. You can contact our Data Protection Officer at 8 High Street, Linlithgow EH49 7AF if you have any questions. Where this form is addressed to two or more persons, this Data Protection Statement applies to each person separately.
The Types of Personal Data
Which We Will Collect and Use
Whether or not you become a client, we will use personal data for the reasons set out below and if you do become a client then we will use it to provide you with the services for which you have engaged us. We will collect most of this data directly during identification procedures and undertaking work on your behalf. Any sources of personal data which are collected indirectly are mentioned in this Statement. The personal data may include:-
Full name and personal details including contact information such as home or business address, address history, e-mail address, home and mobile/telephone numbers.
Date of birth and/or age. This may be used to both verify identity and for completing money laundering checks.
Financial details. This may include information regarding source of funds which you are paying to us for any reason and in particular our conducting financial transactions on your behalf it may also include bank account details to identify source of money or where payment is being made to.
Records of services that you have obtained for us or instructed us to undertake, how you use those and the relevant technology to access or manage them.
Information from credit reference or crime prevention agencies, Electoral Roll, Court records of debt judgements and bankruptcies and other publicly available sources as well as information on any financial sources that you may have where appropriate. This may include where money is being introduced by a third party to assist you with financial transactions.
Family, lifestyle or social circumstances if relevant to the service being provided. For example, this may be used by us to assist with the preparation and submission of any Property and other Tax Returns
Employment details relevant to the services being provided.
Information as to whether you are a politically exposed person in terms of relevant Money Laundering Regulations.
Personal data on the same business for other parties who are co-instructing you to provide the same services.
Special category personal data (including personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the processing of genetic data, biometric data for the purpose of uniquely identifying an actual person, an individual’s health, a natural person’s sex life or sexual orientation, criminal convictions or offences) but only if necessary to provide legal services for the establishment, exercise or defense of legal claims this will be used only we are satisfied that it is necessary to comply with our Data Principles.
Providing My Personal Data
We will tell you if providing some personal data is optional including if we ask for your consent to process it. In all other cases you must provide us with personal data so that we can process the service on your behalf. We may ask you to renew or confirm personal data that we already hold.
Monitoring of Communications
Subject to all applicable laws, we will monitor our communications with you and keep copies of all e-mail, letter and other written correspondence. We may also keep a record of other communications with you such as telephone calls. We will do this for regulatory compliance, our own office practice, crime prevention and detection and to prevent the security of our communications, systems and procedures, to check that accurate and legitimate information is provided to us and for quality control and staff training purposes. We may keep a record of all such communications where necessary for us to see what has been said, written or otherwise communicated. We may further scrutinise the data that you provide us where this is justified by our legal obligations. Using Your Personal Data – The Legal Basis and Purposes We will process your personal data:-
As necessary to provide you with the services for which you instruct us and in particular to:-
(a) Satisfy ourselves are regards your identity before agreeing to act on your behalf.
(b) Providing and performing the services for which you engage us.
(c) Keeping our records up-to-date
(d) Keeping track or tracing your whereabouts to enable us to contact you about the services for which we provide you.
(e) To check that the information that has been given to third parties is correct such as the provision of identification information to mortgage lenders.
(f) To comply with our legal and regulatory obligations such as Money Laundering Regulations, Crime Prevention Legislation and the Accounts Rule of the Law Society Scotland.
As required for our own legitimate interests or those of other relevant persons and organisations such as:-
(a) For good governance and provision of services to you.
(b) To monitor communications with you to insure information being provided is accurate.
(c) To conduct third party identity checks to satisfy us as to your identity.
As required to enable us to comply with legal obligations such as:-
(a) When you exercise your rights under Data Protection Laws and make requests.
(b) To comply with legal and regulatory requirements and related disclosures.
(c) For the establishment and defence of legal rights.
(d) For activities relating to prevention, detection and investigation of crime.
(e) To verify your identity, make credit, fraud prevention and anti-money laundering checks.
With your consent.
Sharing of Your Personal Data
Subject to applicable Data Protection Law, we may share your personal data with:-
(a) Your other professional advisers including any Accountant, Doctor or other professional with whom you have asked us to liaise on your behalf.
(b) Our Auditors.
(c) The Law Society of Scotland or Scottish Legal Complaints Commission in pursuance of any complaint you may make against us.
(d) The Legal Defence Union or any firm of Solicitors or other Adviser whom we may instruct in relation to our defence against any claim you may make against us.
(e) Fraud Prevention Agencies, Credit Reference Agencies and other similar Agencies.
(f) Government Bodies and Agencies in the UK and Overseas such as HMRC, Revenue Scotland, The Financial Conduct Authority and the Information Commissioners Office.
(g) Courts to comply with legal requirements and for administration of justice.
(h) In any emergency or otherwise to protect your vital interests.
(i) To protect the security or integrity of our business operations
(j) To other parties with whom you are providing us with joint instructions.
(k) To the Land Register of Scotland, Companies House, The Office of Public Guardian or any other public body with whom a communication is required in order to provide the services to you for which you have instructed us.
(l) Payment systems such as a Bank, Visa or Mastercard if you choose this method to settle any account you may have with us.
(m) Any external Company with whom we have a relationship in order to supply the service for which you have instructed us such as the provision of Property Searches or Medical Reports.
(n) Any other party where we have your consent or are required by law.
(o) Our computer supplier. Peterkin & Kidd operates on a cloud based computing system. Strict security is applied to that system and the data is processed only for legitimate purposes. An appropriate data processing agreement is in place with the provider thereof. Remote servers are UK based and appropriate record protection and disaster recovery plans are in place.
(p) Any party whom we ask to assess our fees including the Auditor of Court.
International Transactions
There may be an international element to the service which we provide to you. This may include receipt of funds from an external jurisdiction or a transfer of funds to that jurisdiction. Your personal data may be transferred outside the UK and the European Economic Area in those circumstances. No guarantee can be provided to you that adequate protection for personal data are available under applicable laws in such other countries.
Identification Verification and Fraud Prevention Checks
The personal data which we have collected from you at any stage of our relationship with you may be shared with Fraud Prevention Agencies who will use it to prevent fraud and money laundering and to verify your identity. If fraud is detected, we may refuse you certain services. We may also search and use our internal records for these purposes. Further details can be supplied to you on how personal data will be used by us and by Prevention Agencies together with your data protection rights in those circumstances.
Credit & Other Relevant Checks
You may have instructed us to provide services to you which involve obtaining funds from a third party. In such circumstances we may obtain such credit and identity checks on you with Credit Reference Agencies, Personal Searchers or other similar Parties to satisfy us as regards your identity and your financial or other standing. To do this, we may supply personal data to the relevant party who will give us information about you. A Credit Search may leave a footprint on your Credit File. This may be a soft footprint where it will have no effect on your credit score or a hard footprint where it will have an effect on your credit score. This may be used by lenders and other parties providing credit in the future.
Other Products
Once you have instructed us to provide services on your behalf, we may contact you about other products that this Firm provides.
Criteria Used to Determine Retention Periods
The following criteria are used to determine data retention periods for your personal data.
Retention in case of queries. We will retain your personal data for as long as necessary to deal with any queries.
Retention in case of claims. We will retain your personal data for as long as you may legally bring any claims against us. At present for most matters the period that is relevant is 20 years which is the period of long negative prescription meaning that a claim cannot be brought against us after that time. However, there may be circumstances where your information is retained longer.
Retention that counts for legal and regulatory requirements. We will retain your personal data after we have provided the service to you or our dealings with you have ceased or otherwise come to an end based on our legal and regulatory requirements. At the time of preparation of this notification the Law Society of Scotland is in the process of updating its guidance on ownership and destruction of files and keeping of records. We may review our procedures from time to time to take this into account.
Your Rights under Applicable Data Protection Law
Your rights are as follows (this is applicable from May 2018 but does not apply in all circumstances. For example you may demand the erasure of personal data but we may refuse in certain circumstances if that data is required in respect of any one or more uses under this notice or is subject to our retention policy):-
You have the right to be informed about the processing of your personal data.
You have the right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed.
You have the right to object to the processing of your personal data.
You have the right to restrict the processing of your personal data.
You have the right to request access to your personal data and information on how we process it.
You have the right to move, copy or transfer your personal data.
You have the right to demand erasure of your personal information.
You have the right to demand that your data is not ported to any one or more party.
You have a right to complain to the Information Commissioners Office. It has enforcement powers and can investigate compliance with Data Protection Law. The website address is ico.org.uk
Exercise of your rights and consequences thereof
If you exercise any of your rights under applicable Data Protection Law, we are obliged to respond to your request without undue delay and within one month of the request being made. We shall apply our policies in relation to such matters. Your exercising of all such rights may restrict or prevent our acting on your behalf of the completion of work for which we are instructed. You should also note that if you delay or fail to provide information requested where that is based on statutory or contractual requirement then that may also restrict or prevent our acting or completing the matter for which we are instructed.
Aggregation of Data
Your personal data may be converted into statistical or aggregated data which cannot be used to identify you. This may be used, for example, to confirm levels of particular business to our insurers or the number of transactions to mortgage lenders when preparing Panel Applications.
Further Security Measures
In addition to Cloud storage, we also store paper files in our premises and also via external companies. There is a Data Processing Agreement in place with such company and storage is secure.
Legal Privilege and client confidentiality
In terms of the regulations applicable to Data Protection, there may be occasions where we are not obliged to comply with the requirements to provide fair processing information or information in response to a subject access request. This means that there may be occasions where we do not provide you with information that you have requested. We are obliged to work confidentially in carrying out the business of our client. This may also work to your advantage in respect that there may be occasions where we do not require to disclose information to third parties. In particular, we will not disclose unless required by law confidential communications between you and us where you seek and we would give legal advice. We will not disclose confidential communications between you and us in contemplation of litigation but this only applies where the communication is for actual, pending or reasonably contemplated litigation.
