Privacy Policy

Morris & Bates Solicitors understands the value of your personal information and we respect your right to privacy. We are committed to maintaining your confidence and trust. This commitment includes protecting the personal information that we obtain from you.

Morris & Bates Privacy Policy

Morris and Bates Limited trading as Morris & Bates ("we", "our", "us") take your privacy very seriously.

This Privacy Policy sets out how we use and look after the personal information we collect from you. As the organisation who is responsible for, and controls the processing of your personal data, we are the data controller, and sometimes also the data processor, and will take reasonable care to keep your information secure and to prevent any unauthorised access or use of it.

We may update this Privacy Policy from time to time and will inform you to any changes in how we handle your personal data.

1. Information we may collect from you

Personal data means any information about an individual from which that individual can be identified.

We may collect, use, store and transfer some personal data of our clients, employees and suppliers (data subjects).

The data we collect from clients may include:

· Name, surname at birth, date of birth, place of birth, marital status, gender, occupation and employer details and national insurance number.

· Contact information, such as home address, email address and telephone numbers.

· We may hold additional data such as photo identification and address identification documents, details of a client’s partner or members of a clients family for the purposes of meeting our responsibilities in dealing with a case or matter for a client.

The data we collect from employees may include:

· Name, gender, date of birth, national insurance previous employer details, bank details and salary,

· Contact information, such as home address, email address and telephone numbers.

The data we collect from suppliers may include:

· Name, gender and bank details.

· Contact information, such as business address, email address and telephone numbers.

2. How is your personal data collected?

A client may give us their personal data by filling in a form or by communicating with us by post, phone, email, in person, via our website or otherwise.

An employee may give us their personal data by CV as an applicant for employment, by interview on being appointed to a post or by communicating with us by post, phone, email, in person, via our website or otherwise

A supplier may give us their personal data when accepting instructions or orders or when invoicing.

3. How we use personal data

We will use personal information only for the purposes for which it has been provided.

The reason we need the personal data of our clients, employees and suppliers is to be able to be engaged in the business of providing legal services to clients of the firm and to properly administer our business.

The lawful basis for processing the personal data is that we have a contractual obligation to our clients, employees and suppliers to provide legal services and administer the business or we have a legitimate interest to ensure that our business is administered properly and in accordance with the rules and regulations of the Law Society and Solicitors Regulation Authority as well as the general law..

We have set out below, in a table format, a description of all the ways we plan to use your personal data and the legal basis we rely on to do so. Where appropriate, we have also identified what our legitimate interests are.

Purpose/ Processing Activity

Lawful Basis for processing under Article 6 of the GDPR

to respond to your enquiry;

Legitimate interest - To run our business efficiently and as we see fit.

to deal with your instructions as a client;

Performance of a contract/Legitimate interest – For the purpose of administering our business of providing legal services

to send information to you;

Performance of a contract/Legitimate interest – To run our business efficiently and as wesee fit

to fulfil any contract that we may enter into with you;

Performance of a contract

to send marketing information to you

Consent – We will only send direct marketing if the individual is an existing client, or, has actively provided consent.

sending out information and updates

Performance of a contract/Legitimate interest - To run our business efficiently and as we see fit.

sharing data with insurers, suppliers of services (such as barristers).

Legitimate interest - To run our organisation efficiently and as we see fit.

sharing data with regulatory bodies such as the Law Society or Solicitors Regulation Authority

Performance of a contract/Legitimate interest - For the purpose of administering our business efficiently as we see fit

sharing anonymised data such as employee diversity data with a regulatory body

Legitimate interest – To run our business efficiently and as we see fit.

Commencing proceedings such as Court proceedings or applications for Probate and filing witness statements and documents at Court

Performance of a Contract/Legitimate interest - for the purpose of administering the legal services we provide

Direct Marketing: We may wish to send you marketing information, by post, e-mail, or SMS. We will only do this if you have given your consent to your personal data being used in this way (either when you submit your details to us or at a later stage). You can update your marketing preferences by writing to the Data Protection Officer at the address below.

4. Sharing your personal data

I appropriate cases we pass information to solicitors and other necessary third parties in connection with transactions or cases.

We may share your personal data with our insurers, courts and other similar bodies, suppliers and sub-contractors in order to ensure that your instructions to us are administered properly and in accordance with the rules and regulations of the our regulatory bodies and the general law.

Third-party service providers will only process your personal data for specified purposes and in accordance with our instructions.

We may disclose your personal information to third parties if we are under a duty to comply with any legal obligation; or to protect the rights, property, or safety of our clients, employees or others.

5. Protection of your personal data

We are committed to protecting your privacy and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

6. Data Retention

We keep personal data on our clients while we are acting upon instructions received and for at least six years after instructions have terminated for whatever reason. We will delete this data sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes.

We keep personal data on our employees while they are in our employment and for three years after employment has terminated for whatever reason. We will delete this data sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes.

We keep personal data on suppliers and sub-contractors while they are engaged by our business and for six years after the engagement has terminated for whatever reason. We will delete this data sooner if specifically requested and we are able to do so. We may need to retain some personal data for longer for legal or regulatory purposes.

In some circumstances we may anonymise the personal data we receive (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

7. Web-site

When you visit our website, the website, we, may collect, process and use information about you which may not personally identify you but which may be helpful for improving the operation of the website. Such information may be collected through "traffic data" and may entail the use of "cookies", "IP Addresses" or other numeric codes used to identify your computer. You can delete cookies or configure your computer to reject them, although this may disable the website’s ability to manage individual sessions.

8. Third Party Links

This website may contain links to other sites. Please be aware that we are not responsible for the privacy practices of these sites. We encourage our users to be aware when they leave this website and to read the privacy statements applicable on those sites. This privacy policy does not apply to information collected on third parties’ sites.

9. Your Rights

All data subjects have the right to:

· Request access to your personal data

· Request rectification of the personal data that we hold about you.

· Request erasure of your personal data where there is no good reason for us continuing to process it.

· Object to processing of your personal data for direct marketing, or where we are processing on the grounds of a legitimate interest of that interest is overridden by your rights and freedoms.

· Request restriction of processing of your personal data while we establish the data's accuracy, or verify an overriding interest to object to processing; where our use of the data has been unlawful but you do not want us to erase it; where you need us to hold the data to establish, exercise or defend legal claims.

· Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.

· Withdraw consent at any time where we are relying on consent to process your personal data.

· Complain at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).

10. Contact Us

If you have any queries about this Privacy Policy, wish to stop direct marketing by us, or you wish to access or update your information please email dhjones@morrisbates.co.uk or write to The Data Officer, Morris & Bates, Alexandra Rad, Aberystwyth SY23 1PT.