Rundlewalker takes its obligations under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 very seriously. When you submit enquiries on our website, we will necessarily ask that you provide personal data to us to allow us to contact you regarding your enquiry. Rundlewalker will treat this information in the strictest confidence and will never pass information on to third parties without your prior permission or unless ordered to do so by Statute, Statutory Instrument or other secondary legislation.
WHO ARE WE?
1. Dudman Shaw Limited is a limited Company incorporated in England and Wales and is a controller and processor under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
WHOSE DATA DO WE HOLD?
2. We may hold data about the following people:
• Clients, customers and prospective new clients
• Suppliers and service providers
• Advisors, consultants and other professional experts
• Complainants and enquirers.
WHAT DATA WILL WE COLLECT?
3. We may only collect information from you that are relevant to the matter that we are dealing with. In particular we may collect the following data from you or third parties and this is defined as “personal data”:
• Personal details
• Family, lifestyle and social circumstances
• Financial details
• Business Activities of the person whose details we are processing
SPECIAL CATEGORIES OF DATA
4. We may also collect information that is referred to as being in a “special category”. This could include:
• Sickness, Physical and mental health details and medical records
• Racial or Ethnic Origin
• Religious beliefs
• Criminal Convictions
• Sexual orientation
5. Information needed for equal opportunities monitoring policy and other special categories of information relating to those categories listed above will only be collected if we obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
BASIS FOR PROCESSING DATA
6. The basis on which we process your personal data is one or more of the following:
• It is necessary for the performance of our contract with you
• It is necessary for us to comply with a legal obligation
• It is in our legitimate interest to do so
• You have given us your consent (this can be withdrawn at any time)
HOW WE WILL USE YOUR DATA
8. We may use your information for the following purposes:
• Provision of Legal services including advising and acting on behalf of clients
• Promotion of our goods and services
• Maintaining accounts and records
9. Under the Solicitors Code of Conduct there are very strict rules about who we can share your information with and this is usually limited to people who will assist with your matter. This may include:
• Medical experts
• Private Investigators
• Healthcare professionals, social and welfare organisations
• Courts and Tribunals
• Legal Expenses Insurers
• Otherside Legal advisors
• Estate Agents and Financial Advisors
10. Where you authorise us we may also disclose your information to your family, associates and other representatives.
11. We may disclose your information to debt collections agencies if you do not pay our bills.
12. We may transfer information about you to other group companies for purposes connected with your employment or the management of the company’s business.
13. As a company, we may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, for administrative purposes or for reporting potential crimes.
14. If in the future we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that purpose and any other relevant information.
15. We will not transfer data belonging to a client or individual outside of the European Economic Area. If a transfer of data outside the EEA is necessary, express prior consent of the client/individual will be sought.
HOW LONG WILL YOUR DATA BE STORED FOR?
16. We will usually keep your information throughout the period of time that we do work for you and afterwards for a period of 6 years as we are required to do so by Law and also by the regulations that apply to us.
17. In some cases (for example where we have prepared a Will for you) we may retain your information for a longer period of time and we will advise you of this at the time.
18. More information is set out in our Data Retention Policy which is available on request from the Data Protection Officer.
19. For new enquirers or prospective new clients (e.g. from an initial interview), we will hold your information for a maximum of 1 year.
20. We shall ensure that all information that you provide is kept secure using appropriate technical and organisational measures. We also meet the relevant standards required by Lexcel.
21. In the event of a personal data breach we have in place procedures to ensure that the effects of such breach are minimised and we shall liaise with the ICO and with you as appropriate.
WHAT ARE YOUR RIGHTS?
22. You have the following rights with regards to your personal data under the GDPR and the Data Protection Act 2018:
• Right to be Informed
• Right of Access
• Right to Rectification
• Right to Erasure
• Right to Restriction of Processing
• Right to Data Portability
• Right to Object
• Rights concerning automated decision making and profiling.
RIGHT OF ACCESS
23. You have the right to see information we hold about you.
24. To access this information you need to provide a written request in writing to our Data Protection Officer together with proof of identity. We will usually process your request free of charge and within 30 days, however we reserve the right to charge a reasonable administration fee and to extend the period of time by a further two months if the request is manifestly unfounded or vexatious and/or is very complex.
25. Full details are available in our Data Subject Access Policy which is available on request from the Data Protection Officer.
RIGHT OF ERASURE
26. You have the right to ask us to erase your data in certain cases (details can be found in Article 17 of the GDPR).
27. We will deal with your request free of charge and within 30 days but reserve the right to refuse to erase information that we are required to retain by law or regulation, or that is required to exercise or defend Legal claims.
28. If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
WHO YOU CAN COMPLAIN TO
29. If you are unhappy about how we have used your information or responded to a request then initially you should contact Dudman Shaw Limited, T/A Rundlewalker Solicitors. If your complaint remains unresolved or you do not believe that we have complied with the requirements of the GDPR or DPA 18 with regard to your personal data, you should contact the Information Commissioners Office; details are available at:
www.ico.org.uk. The ICO can be contacted at the Information Commissioner Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF. Phone: 0303 123 1113 or email email@example.com.
30. Dudman Shaw Limited, T/A Rundlewalker Solicitors is the controller and processor of data for the purposes of the GDPR and DPA 18. If you have any concerns as to how your data is processed you can contact:
Roger Henderson, Data Protection Officer, Rundlewalker Solicitors, King’s Wharf, The Quay, Exeter EX2 4AN, or email firstname.lastname@example.org.
There is lots of guidance explaining what cookies are and what they can do. If you want more information you can visit these sites: