Privacy Policy

PRIVACY POLICY

  1. Introduction
    • C W Harwood & Co Limited (trading as Harwood & Co and C W Harwood & Co) (the Firm) takes the privacy and security of all data, in particular personal data, extremely seriously and is committed to ensuring that it takes all necessary and reasonable steps to safeguard that personal data at all times and in the best way possible.
    • The purpose of this privacy policy is to set out:
      • who the Firm is;
      • the personal data it collects;
      • how, when and why it collects, stores, uses and shares personal data;
      • how it keeps personal data secure;
      • for how long it keeps personal data;
      • the rights of a data subject in relation to their personal data, and
      • how to contact the Firm, or the relevant supervisory authorities, in the event of a complaint.
    • To enable the Firm to advise you, provide legal services to you or take your instructions/provide the Firm needs to collect, use and process or deal with certain personal information about you. When it does so it is subject to provisions set out in regulation and legislation. The legislation and regulations to which the Firm is subject in this regard include the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA 2018), the Network and Information Security Directive 2016, the Privacy and Electronic Communications Regulations and the SRA Standards and Regulations 2018.  From December 2020 the Firm will also be subject to the UK General data protection Regulations (UK GDPR)
    • The Firm is responsible as what is described as a controller of personal data for the purposes of those laws. In other words, the Firm is primarily responsible for that data and are the “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data” as defined in Article 4(7) of the GDPR.
    • If you have any questions about the use to which that personal data is put please email the Firm at info@harwood.law or write to Data Protection Officer, Harwood & Co, 8E Josephs Well, Hanover Walk, Leeds, LS3 1AB.
    • This policy applies in all circumstances but in particular where you (or someone or an organisation on your behalf):
    • Instructs the Firm to act on your behalf or to provide you with advice and/or information;
      • enquire about instructing the Firm;
      • visit the Firm’s website;
      • submit an enquiry, make contact with the Firm or sign-up to receive the Firm’s newsletter;
      • request information from, or provide information to, the Firm; and
      • attend events or seminars hosted by the Firm.
    • This policy will also apply where the Firm,
      • conducts searches of public sources on you in connection with its marketing or business acceptance processes;
      • agrees to provide legal services to you or the organisation for whom you work;
      • adds you to a mailing or marketing list.
    • Please note that in general the services provided by the Firm are not principally aimed at children. This is because children are generally represented by their parent or guardians. If you are a child and you require further advice or explanation about how the Firm would use your data, or if you represent the interests of a child and you would like the child to receive further advice and explanation, then please contact the Firm using the details set out in 1.5 above.
    • The Firm is committed to preserving the privacy of your data so that it can:
      • deliver services of a high quality to all of its clients;
      • at all times comply with the law and the various regulations to which it is subject;
      • preserve the confidentiality of your personal data in compliance with the provisions set out in the SRA Standards and Regulations;
      • meet the expectations of customers/clients, employees and third parties; and
      • protect the Firm’s reputation.
    • In this policy, please note the use of the following terms:
      • “the Firm” refers to C W Harwood & Co Limited trading as C W Harwood & Co or Harwood & Co;
      • “you” and “your” refers to the person whose data is processed;
      • “personal data” has the meaning given to it by the GDPR and DPA 2018 and means any information relating to an identified or identifiable individual (known as ‘data subject’);
      • “processing” means any operation or actions performed on personal data – for example collection, recording, organisation, structuring, storing, altering, deleting or otherwise using.
  1. Your personal data
    • The Firm may collect, store, use and share personal data relating to you in the course of acting for, or advising, you. The data the Firm will need to collect from you in order for it to be able to act for, or advise, you may include the following:
      • Your name and contact details including your address, telephone number, mobile telephone number, email address, DX address.
      • Information about your gender;
      • Where you are located;
      • Information about your online presence (e.g. LinkedIn, Twitter) whether you have linked to the Firm or its Facebook or LinkedIn page;
      • Professional or trade related information;
      • Information required by the Firm in order to enable it to check and verify your identity (for example for anti-money laundering purposes or generally as a means of helping to prevent fraud). This may include passport details, driving licence details, date of birth, European ID card, or the MPAN number of your address;
      • Information as to the matter in which the Firm is acting or advising you;
      • Information required by the Firm in order to carry out a financial or credit check;
      • Financial details relating to you including details of your bank account if money is, or is likely to need to be sent to you and your billing information.
      • Your national insurance and/or tax details;
      • Details of your spouse/partner and dependants or other family members, where for example you have instructed the Firm on a family matter or in connection with a will, trust or similar arrangement;
      • Details of your employment status and other related details including, but not limited to, salary and benefits and records relating to sickness and attendance, performance, disciplinary, conduct and grievances (including relevant special category personal data), where for example you instruct the Firm in a matter related to your employment or in which your employment status, income or employment records are relevant;
      • Details of your racial or ethnic origin, gender and sexual orientation, religious or similar beliefs where for example you instruct the Firm in relation to discrimination or other similar claim;
      • Details of your medical records and of any injuries and other personal physical, mental or medical details where for example the Firm is acting for you and your medical records are relevant to a case;
      • Marketing and communications data including where relevant your preferences in relation to receiving marketing and communications from the Firm;
      • Transaction data including details about any payments to and from you;
      • Technical data including internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technological data relating to your use of the Firm’s website or client portal;
      • Recordings of telephone calls you have with this firm.
    • Please note that failure to provide the personal data requested may prevent the Firm from acting for you or delay the provision of services.
    • In most cases the Firm will collect data about you directly from you by letter, email, using a secure portal on its website, by phone or at a meeting with you. However, the Firm may also need to acquire information about you:
      • From publicly available sources such as HM Land Registry, Companies House, professional records and other membership records;
      • From third-party services such as screening suppliers, credit reference agencies, due diligence suppliers;
      • From third parties with whom you have a relationship, including banks, building societies, financial institutions. other professionals and advisers. Employers. professional bodies. Doctors. trade unions and debt collection agencies instructing us on your behalf.
      • Through information technology related methods including by the use of cookies on websites, CCTV systems, car parking access control systems, email and instant messaging services.
    • Please note that it is important that the personal data which the Firm holds about you is accurate and current. Please keep the Firm informed if your personal data changes during your relationship with it.
    • The Firm may also obtain personal data about you in relation to your use of the Firm’s website. This information may include your computer’s IP address and the operating system and web browser that you use to access the Firm’s website. This enables the Firm to identify who has visited its website and the information is used to produce statistical data on the use of that site and to help the Firm to enhance the user experience in the future.
  2. The purposes for which your information is used
    • Data protection law requires that the Firm only use your personal data for the purposes for which it was acquired or where the Firm has a proper reason for using it. Those reasons can include:
      • Where you have given consent to the use of your personal data for one or more specific purposes;
      • Where the use is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
      • Where the use is necessary for compliance with a legal obligation to which the Firm is subject;
      • Where the use is necessary in order to protect your vital interests or those of another person;
      • Where the use is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Firm;
      • Where the use is necessary for the purposes of the Firm’s legitimate interests or those of a third party, except where those interests are overridden by your interests or fundamental rights and freedoms or which require protection of personal data, in particular you or the relevant person is a child.
    • The reasons set out above are the general position as to what your personal data may be used for. The specific position in relation to your personal data however is that the Firm may use it for the following purposes:
      • To provide you with legal services, advice or representation so that the Firm can comply with its contract with you and/or take any steps that it is necessary for the Firm to take before entering into a contract with you;
      • To prevent or detect fraud either against you or against any other person involved in any matter in which you are involved. This will help to prevent any damage either to you, a third party or to the Firm;
      • To carry out identity checks and undertake information gathering and audits as required by the Solicitors Regulation Authority or other regulatory bodies to comply with any legal and/or regulatory obligations to which you or the Firm is subject;
      • To carry out anti-money laundering checks;
      • To undertake financial, embargo and other security checks and such other processing activities as are required for legal and regulatory compliance generally or specifically by your or the Firm’s regulator(s);
      • To gather and provide and information required by or relating to audits, enquiries or investigations by your or the Firm’s regulator(s);
      • To preserve the confidentiality of commercially sensitive information and for the Firm’s legitimate interests or those of a third party in relation to the protection of the Firm’s, or another’s, intellectual property and other commercially valuable information;
      • To comply with the Firm’s legal and regulatory obligations;
      • Complying with the Firm’s internal business policies and for operational reasons such as security, confidentiality, competency and efficiency control, training and client care. This will help the firm to deliver the best service to you;
      • Audits and external quality reviews in relation to standards adopted by the Firm;
      • Statistical analysis to enable the Firm better to manage its business for example in relation to financial performance, client base. range of services;
      • Maintaining and updating records to ensure accuracy of processing and preventing unauthorised access and modifications to systems and to prevent and detect criminal activity that could be damaging for the Firm and for you;
      • Legal and regulatory obligations and to make information returns to regulators and legally constituted bodies;
      • To ensure safe working practices, staff administration and assessments;
      • Marketing the Firm’s services to existing and former clients and third parties;
      • Credit control and credit reference checks in relation to the services the Firm performs;
    • The purposes set out above will not apply to what is termed ‘special category personal information’. This includes personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data and data concerning health, sex life or sexual orientation.  The Firm will only ever process information of that nature with your explicit consent.
  3. Contacting you
    • In addition to the general matters dealt with above, the Firm may also need to send you updates concerning legal and other relevant developments in relation to you, the matter in connection with which the Firm is instructed, your personal business or family interests or other related matters which might concern, or be of interest to, you. This may be by post, telephone, email or text and may include information about the legal and other services that the Firm offers and information relating to changes in those services.
    • The Firm regards itself as having a legitimate interest in processing your personal data for these purposes and that it does not require your consent in order to do so. From time to time the Firm undertakes what is known as a ‘legitimate interest assessment’ to balance its interests in contacting you with those of your own in relation to your data. Where the Firm believes that consent is required, it will contact you specifically for this and will do so in a clear and transparent manner.
    • Be assured that the Firm will treat your personal data with the utmost respect and will never share it with others for marketing or promotional purposes. You have, at all times, the right to request that the Firm do not contact you for any purpose other than carrying out the matter which it is instructed to undertake.  The Firm may however require that you confirm your marketing preferences from time to time so that it can be sure that your views remain the same especially in relation to issues such as legal and regulatory updates.
  4. Sharing your data with others
    • Notwithstanding the fact that the Firm will not share your personal data for marketing purposes, it may be necessary for it to share your personal data with others. This may be in order to:
      • carry out or legal services for you;
      • provide advice, assistance and representation to you;
      • to comply with its contractual obligations to you; or
      • to comply with legal or regulatory obligations to which you or the Firm is subject.
    • Those with whom the Firm may share your personal data include:
      • professional advisers used in connection with the matter in which the Firm is instructed by you, for example accountants, advisers, experts, barristers, medical professionals, search agents and advocates];
      • third parties involved in the matter in which the Firm is instructed by you, for example financial services providers, banks, building societies, insurers and registrars;
      • government and similar organisations such as H M Land Registry, Companies House, HM Revenue and Customs;
      • others within the Firm’s business;
      • your/the Firm’s regulator(s);
      • credit reference agencies in connection with the Firm’s contract with you;
      • the Firm’s bank, insurers and insurance brokers;
      • external auditors in relation to the audits and external quality reviews referred to above;
      • suppliers of services required in relation to your matter; and
      • An agent providing us instructions on your behalf (such as a Debt Collection Agency or Estate Agency).
    • When sharing your personal data, the Firm will ensure at all times that those with whom it is shared process it in an appropriate manner and take all necessary measures in order to protect it. The Firm will only ever allow others to handle your personal data if it is satisfied that the measures which they take to protect your personal data are satisfactory.
    • Please be aware that, from time to time, the Firm may be required to disclose personal data and exchange information about, or relating to, you with government, law enforcement and regulatory bodies and agencies in order to comply with its own legal and regulatory obligations.
    • During the course of, and sometimes following the conclusion of, the instructions from you the Firm may need to share your personal data with other third parties involved in a relevant transaction. The Firm will only share that information which is necessary to do so.
    • The Firm may also need to share some personal information with other parties, such as potential buyers of some or all of the Firm’s business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
    • From time to time it may be necessary for the Firm to share data for statistical purposes for example with its regulatory body. The Firm will always take steps to ensure that information shared is anonymised but, where this is not possible, the Firm will require that the recipient of the information keeps it confidential at all times.  Steps will be taken at such time to ensure that the sharing of this information does not lead to a conflict between your interests and those of another client, third party or the Firm.
  5. How your personal data is kept
    • Your personal data will be kept secure at all times.
    • Some of your personal data will be held at the Firm’s offices, at third party agencies and service providers, representatives and those agents used by the Firm as set out above.
    • Some of your data may be held on served hosted by third party providers. This data is routinely held inside the European Economic Area. However. where this takes place outside of the European Economic Area (EEA) then the provisions set out below will apply.
      • The Firm operates various security measures in order to prevent loss of, or unauthorised access to, your personal data. In order to ensure this, it restricts access to your personal data to those with a genuine business need to access it and has procedures in place to deal with any suspected data security breach. The Firm will notify you and any applicable regulator of a suspected data security breach where it is legally required to do so and the need arises.
    • Personal data that is processed by the Firm will not be retained for any longer than is necessary for that purpose or for purposes relating to or arising from that purpose.
    • Where your personal data is retained after the Firm has finished providing its product/service to you or where the contract with you has ended in any other way, then this will generally be for one of the following reasons:
      • So that the Firm can respond to any questions, complaints or claims made by you or on your behalf;
      • So that the Firm is able to demonstrate that your matter was dealt with adequately and that you were treated fairly;
      • In order to comply with legal and regulatory requirements.
    • In general, the Firm will retain your data for only so long as is necessary for the various objectives and purposes contained in this policy. Please note, however, that different periods for keeping your personal data will apply depending upon the type of data being retained and the purpose of its retention.
    • The Firm will retain your personal data as follows:
      • Personal data relating to litigation matters will be retained for six years
      • Personal data relating to properties matters will be retained for twelve years
      • Contact details so that the Firm can inform you of updates concerning its services and about relevant developments in relation to you, the matter about which you instructed the Firm or other related matters which might concern, or be of interest to, you, accounts data, money laundering checks data and your documents will be retained for twelve years..
      • Personal data may be held for longer periods, and for such time as is necessary for compliance with a legal obligation to which the Firm is subject, or in order to protect your vital interests or the vital interests of another natural person.
  1. Transferring your data outside of the EEA
    • In order for the Firm to provide you with the services in connection with which it has been instructed, it may be necessary for the Firm to share your personal data with those who are outside the EEA where, for example, those persons have offices outside of the EEA, are based outside of the EEA, where electronic services and resources are based outside of the EEA or where there is an international element to the instructions the Firm has received from you. Where this is the case, special rules apply to the protection of your data.  From December 2020 the provisions of the UK GDPR will also become relevant and the sharing of information outside of the UK will become subject to very similar provisions.
    • The Firm may also need to transfer your personal data with non-EEA countries that have not been assessed by the European Commission as providing adequate protection. In such cases the Firm will always take steps to ensure that wherever possible the transfer complies with data protection law and that your personal data will be secure.
    • For further information please contact the Firm by e-mailing info@harwood.law, calling 0113 2457027 and asking for the data protection officer, or writing to The Data Protection Officer, Harwood & Co, 8E Josephs Well, Leeds, LS3 1AB.
  2. Your rights in relation to your data
    • The GDPR and data protection legislation gives you, the data subject, various rights in relation to your personal data that is held and which is being processed. These rights are exercisable without charge and the Firm is subject to specific time limits in terms of how quickly it must respond to you.  Those rights are, in the main, set out in Articles 12 – 23 of the GDPR. They are as follows:
      • A right of access – that is to say the right to obtain from the Firm confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to that personal data and various other information including the purpose for the processing, with whom the data is shared, how long the data will be retained and the existence of various other rights (see below);
      • A right to rectification – that is to say the right to obtain from the Firm, without undue delay, the putting right of inaccurate personal data concerning you;
      • A right to erasure – sometimes referred to as the right to be forgotten, this is the right for you to request that, in certain circumstances, the Firm deletes data relating to you;
      • A right to restrict processing – the right to request that in certain circumstances the Firm restricts the processing of your data;
      • A right to data portability – that is to say the right in certain circumstances to receive that personal data which you have provided to the Firm, in a structured, commonly used and machine-readable format and the right to have that personal data transmitted to another controller;
      • A right to object – a right in certain circumstances to object to personal data being processed by the Firm where it is in relation to direct marketing or in relation to processing supported by the argument of legitimate interest; and
      • A right not to be subject to automated decision making – that is to say a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
    • Full details of these rights can be found in the GDPR or by reference to guidance produced by the Information Commissioner’s Office.
    • In the event that you wish to exercise any of these rights you may do so by:
      • Contacting the Firm using any medium you wish including in writing, by telephone, by text, electronically or using such social media as the Firm employs for communication purposes;
      • By completing a form which the Firm can supply to you for this purpose;
      • Through a third-party whom you have authorised for this purpose.
    • Please bear in mind that there are some restrictions on your rights to exercise the rights set out above and that, in some cases, if you choose to exercise those rights that the Firm will be unable to perform the instructions you have given it. If that is the case, the Firm may need to cease to act for you.
  3. Keeping your data secure
    • In order to ensure that data is kept secure and to prevent there being any breach of confidentiality the Firm has put in place security measures which are intended to prevent your personal data from being accidentally lost or used or accessed unlawfully. Access to your personal data is restricted to those with a need to do so and regard will be had to the need for confidentiality when that personal data is processed.
      • The Firm’s systems are subject to rigorous testing.
      • In the event that there is a suspected data security breach you will be notified. Where relevant the Firm will also inform the appropriate regulator (including the ICO) of a suspected data security breach where it is legally required, or has a regulatory obligation, to do so.
      • Please note that the transmission of information via the internet is not completely secure. Although the Firm will do its best to protect personal data, it cannot guarantee the security of any data transmitted to it via its website or to or from it via email. Any transmission using these methods is at your risk. Once the Firm has received your information, it will be able to set up procedures and security features, such as encrypted emails to try to prevent unauthorised access.
      • The Firm also takes appropriate steps to keep your personal data safe from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss consistent with applicable law. This applies both to electronic and physical data and to that end its premises are access controlled and electronic data requires users to use login and password authentication.
      • All of the Firm’s directors, partners, staff and third-party service providers who have access to your personal data are subject to confidentiality obligations.
  1. Making a complaint
    • If you have any queries as the acquisition, use, storage or disposal of any personal data relating to you please contact the Firm by e-mailing info@harwood.law, calling 0113 2457027 and asking for the data protection officer, or writing to The Data Protection Officer, Harwood & Co, 8E Josephs Well, Leeds, LS3 1AB.
    • Notwithstanding the Firm’s best efforts, inevitably sometimes things do go wrong. If you are unhappy with any aspect of the use and/or protection of your personal data, you have the right to make a complaint to an appropriate supervisory authority.  In the United Kingdom this is the Information Commissioner’s Office who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510 or online at https://ico.org.uk/concerns .
  2. This policy
  • The terms and provisions of this privacy policy may be changed, updated and amended from time to time. If the Firm does so during the time when it is providing you with products/services then it will inform you of those changes.

If you would like this policy to be supplied to you in another format (for example audio or large print) please contact us:

Phone: +44 (0)113 245 7027 | Email: info@harwood.law