Simpson Jones are a firm of Solicitors providing legal services as detailed on our website.
We are a data controller (see contact details below). This means we decide how your personal data is processed and for what purposes.
Simpson Jones has created this Privacy Information Policy because we take your privacy very seriously. We always treat any personal details you give us as confidential.
The policy sets out who we are, what information we collect from you, how we use it and your data rights.
Your instructions to us to act for you will constitute your agreement and consent to our data processing and retention policies.
We are committed to being transparent about how we handle your personal information, to protecting the privacy and security of your personal information and to meeting our data protection obligations under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information during and after your working relationship with us. We are required under Data Protection Legislation to notify you of the information contained in this privacy notice. This privacy notice applies to all current and former clients, those who make enquiries of us, current and former employees, workers and contractors.
Simpson Jones has a Data Protection policy to oversee compliance with this Privacy Policy. For further information please contact us at enquiries@simpsonjones.co.uk or ring (01332 200200) and ask to speak to Partner – Head of Operations – Paul Chapman .Full contact details are towards the end of this Policy but please note that Paul Chapman (paulc@simpsonjones.co.uk) has overall responsibility for Simpson Jones Privacy Information Policy.
Under the Data Protection Legislation, there are six data protection principles that Simpson Jones must comply with. These provide that the personal information we hold about you must be:-
We are responsible for, and must be able to demonstrate compliance with, these principles. This is called accountability.
Personal data relates to any living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Personal data can be anything from a name, date of birth, address (including IP address), National Insurance number, sex, to medical records, to information retained by us on a file.
Our legal basis for collecting and storing your personal data is to provide legal advice and our right to retain that data is on the grounds of legitimate interest which is to establish, exercise or defend our legal rights in the event of any claim arising in relation to the legal advice provided.
Electronic client data will be stored in our File Management System called Insight. This contains all file details including personal data, letters, documents, emails, and ledgers. This is situated with the European Economic Area (EEA). We meet our obligations by keeping all personal data up-to-date.
Paper based data is kept on files at the office where the work is carried out and kept secure in lockable filing cabinets.
All paper and electronic data is stored securely and also destroyed securely. We protect personal data from loss, misuse, unauthorised use and disclosure with appropriate policies and internal training and technical measures in place to protect personal data which is underpinned by a Data Protection Policy.
As regards electronic data, our servers are stored in a secure room on site. We operate a secure networked environment with built in firewall protection and protection is administered by Tiedata Ltd.
Paper waste is destroyed on site and this is carried out by a third party confidential waste company.
Paper files archived off site are destroyed securely by the hosting third party company.
If you provide personal data about yourself or your company when using our website, it will only be used to give an answer to your enquiry. The personal data collected will be limited to that to enable us to be able to satisfy ourselves this is a genuine enquiry and to answer that enquiry.
The personal data in relation to that enquiry will be retained on our File Management System for 6 years prior to destruction. It will be retained for that period on the grounds that we have a legitimate interest to do so; namely, to establish, exercise or defend our legal rights arising out of any advice given.
We do not share your personal data with any third party except where necessary to answer to a query raised by you. If we need to communicate with a third party to deal with your enquiry we will request your written consent to do so. However, if we are formally instructed by you to act this will be governed by our Terms of Business.
Simpson Jones will process your personal data for the purposes of and so long as we are instructed by you in relation to a matter in which you have signed a Terms of Business letter and a processing of data form. The legal work undertaken by us will be as detailed in the said Terms of Business letter with which we also provide a Terms of Business and Service Commitments Leaflet which details our obligations of confidentiality, your data protection rights and our need to share information with third parties as appropriate in representing your interests.
We reserve the right to retain file records and data where we have acted for you for the necessary establishment, exercise or defence of any possible legal claim against the firm. The relevant periods for which the file will be retained prior to destruction (both paper and electronic) are:-
Conveyancing Purchases, Re-Mortgage, Transfer of Equity – 12 years
Conveyancing Sale – 7 years
Trusts (unless file given to client) – Indefinitely
Probate & Administration – Indefinitely
Wills/Enduring Powers of Attorney – Indefinitely
Registered Title Deeds – Indefinitely
Simpson Jones will retain Wills in our wills storage system at your request and retain them until asked to release them to you.
Clients are only sent information about services that we provide where they specifically request us to do so when completing a client satisfaction questionnaire and thereafter we do not provide further information from time to time unless we have their express informed consent to do so.
Client satisfaction questionnaires are retained in line with the retention period for the transaction that they relate to and then securely destroyed where appropriate.
Simpson Jones has a separate privacy notice for employees which by way of illustration details the types of personal information we collect, how we collect it, and why and how we use personal information. This separate notice is available to all existing employees internally and is available on request to former employees.
Any paper data is retained in lockable filing cabinets in a secure room. Electronic data is stored on People HR, which is a cloud-based Portal and hosted within the EEA.
This data is retained for 6 years from the date of leaving our employment and is then securely destroyed. Payroll data is retained for 3 years prior to destruction. Specific medical related data maybe held longer; for a period of 40 years.
This data for applicants who apply for employment with Simpson Jones is retained for 3 months and then is securely destroyed.
Data subjects may make Subject Access Requests (SARs) at any time to find out more about the personal data which the Firm holds about them, what it is doing with that personal data, and why.
Data subjects wishing to make a SAR may do so in writing, using the Firm’s Subject Access Request Form, or other written communication. SARs should be addressed to the Firm’s Data Compliance Manager at paulc@simpsonjones.co.uk or by post to Simpson Jones Solicitors, 2 Stuart Street, Derby, Derbyshire, DE1 2EQ.
Responses to SARs shall normally be made within one month of receipt, however, this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
All SARs received shall be handled by the Firm’s Data Compliance Manager.
The Firm does not charge a fee for the handling of normal SARs. The Firm reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
If you have reason to believe that you have been subject to a breach of your personal data rights please contact Paul Chapman – Partner – Head of Operations by email at paulc@simpsonjones.co.uk or by post to Simpson Jones Solicitors, 2 Stuart Street, Derby, Derbyshire, DE1 2EQ.
We have a policy and procedures to deal with any potential breach of data.
A cookie is a small file which asks for permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as a individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use cookies to identify which pages are being used. This helps us to analyse data about web page traffic and improve our website and services in order to tailor it to customer’s needs. We only use this information for statistical analysis purposes.
Cookies help to provide you with a better website and service, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you taking full advantage of the Simpson Jones website.
For more information about cookies please see our separate Cookies page on our website.
To exercise all your statutory rights, queries, or complaints about how we have processed your personal data please contact in the first instance the Data Protection Team at 2 Stuart Street, Derby, DE1 2EQ or by email at enquiries@simpsonjones.co.uk or by ringing our main line number on 01332 200200 and asking to speak with Partner – Head of Operations – Paul Chapman.
You have the right to contact the Information Commissioner’s Office (ICO) on 03031231113 or via email at https://ico.org.uk/global/contact-us/ at the ICO’s office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
If we wish to use your personal data for a new purpose, which is not covered by this Privacy Information Policy we will provide you with a new notice explaining the new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Internet and data privacy practice is continually developing. Therefore, we reserve the right to revise our policy at any time. If our Information Privacy Policy changes in any way, we will post an updated version on this page.
By using this website you consent to the collection and use of any personal information in the matter set out above.
