Portner Law Limited has not appointed a Data Protection Officer (DPO). This is because Portner’s organisation’s core activities do not include regular and systematic monitoring of your data on a large scale and nor does Portner process special categories of data (criminal convictions or offences) and therefore Portner does not need to appoint a Data Protection Officer.
However, Karen South is responsible for Data Protection.
We are registered with the UK Information Commissioner’s Office (ICO) as a data controller under registration number ZA237959
Portner Law Limited obtain personal data from you in respect of their provision of legal services to you. We are the Controller and the Processor of this information.
Portner Law Limited do not use your personal data for marketing purposes and we do not sell on your personal data. The information we collect on you is relevant to the legal services which we provide on your behalf. We do not carry out profiling from the personal data you pass to us.
Portner Law Limited do not use data that has been provided to us indirectly. In other words, we do not observe, track you online or by smart devices.
We do not derive your data from combining other data sets.
We do not use algorithms to analyse data from platforms such as social media, location data and records of purchases in order to create a file.
As regards transfer of data, Portner does not operate in more than one EU Member State but does transfer data outside the EU to South Africa and Portner have ensured that there is an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
We may disclose and exchange information with Louise Axon for the above reasons.
Information may be held at our offices as described above. Information may be transferred internationally to South Africa which is a country without Data Protection laws equivalent to those in the UK. This data transfer is for the reasons described above.
We have security measures in place to seek to ensure that there is appropriate security for the information we hold.
Personal data must be processed by us fairly and lawfully. In order to make the processing of your data fair, we wish to provide you with the following information:
- The Data Controller is any member of Portner Law Limited collecting the data on your behalf.
- The purposes for which your information will be processed is solely in relation to the provision of legal services by Portner to you.
What information do we collect?
We obtain certain information from you that is classified as data which include by way of example:
- Your National Insurance number;
- Your Inland Revenue details;
- Bank statements;
- Utility bills or household bills;
- Your date of birth;
- Details of your name and former names.
- Your identity information – passport and/or driving licence.
- Your name, address, telephone numbers and email addresses.
The data is collected from you when you manually, orally or via a written document or questionnaire, provide that data to us.
The specific data above is collected to satisfy either anti-money laundering requirements or to facilitate the movement of your funds between Portner Law Limited and your bank account and/or to pay taxes payable to HMRC or for the purposes of conducting Court or Tribunal matters on your behalf.
The data we collect is used solely for our own information or for providing you with advice and/or completing Government or Court forms. Your address may be used for newsletters or information sheets on the services offered by Portner.
Description of processing
The following is a broad description of the way Portner processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices Portner has provided or contact Portner to ask about your personal circumstances.
Reasons / purposes for processing information
We process personal information to enable us to provide legal services including advising and acting on behalf of our clients. We also process personal information for:
- Maintaining our own accounts and records;
- Promoting our services;
- Supporting and managing our employees;
- Tax purposes;
- Court proceedings;
- Disclosure to the party on the other side of any contentious matter;
- Anti-Money Laundering.
Types / classes of information processed
We process information relevant to the above reasons/purposes. This information may include:
- personal details
- family details
- lifestyle and social circumstances
- goods and services
- financial details
- business of the person whose personal information we are processing
- education and employment details
We also process sensitive classes of information that may include:
- physical or mental health details
- racial or ethnic origin
- political opinions
- religious or other benefits
- sexual life
- trade union membership
- offences and alleged offences
- criminal proceedings, outcomes and sentences
If relevant to the provision of legal services to you or equal opportunities monitoring and compliance.
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- family, associates or representatives of the person whose personal data we are processing
- current, past or prospective employers
- educators and examining bodies
- healthcare professionals, social and welfare organisations
- business associates
- trade associations and professional bodies
- suppliers and service providers
- ombudsman and regulatory authorities
- complainants, enquirers
- financial organisations
- Courts and Tribunals
- HMRC (in relation to Stamp Duty and the Land Registry)
- central government
- Portner’s accountants
- Portner’s auditors
- Portner’s professional indemnity insurers currently Accredited Insurance (Europe) Limited
- Portner’s Lexcel & CQS Assessors
- Portner’s external compliance firm, The Strategic Partnership
- solicitors acting for any party against whom you are involved
- any third parties instructed on your behalf
Right to be informed
You have the right to information about what personal data we process, how and on what basis as set out in this policy.
You have the right to access your own personal data by way of a subject access request (see below).
Right of access
Data subjects can make a ‘subject access request’ (‘SAR’) to find out the information we hold about them. This request must be made in writing.
We must respond within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by a further two months.
There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive, we may charge a reasonable administrative fee or refuse to respond to your request.
Right to rectification
You can correct any inaccuracies in your personal data.
Right to erasure
You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected.
Right to restrict processing
While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.
Right to data portability
You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
Right to object
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
You have the right to object if we process your personal data for the purposes of direct marketing.
With some exceptions, you have the right not to be subjected to automated decision-making.
Right to complain
You have the right to complain to the Information Commissioner:
You have the right to be notified of a data security breach concerning your personal data.
Security of your Data
Portner has established processes to protect your data and have established processes to:
- Configure new and existing hardware to reduce vulnerabilities.
- Installed malware protection software.
- Ensure that software is kept up to date and the latest security patches are applied.
- Establish boundary firewalls.
Retention of Data
Maintaining business records in a systematic and reliable manner is essential to comply with our legal and regulatory requirements, e.g. relating to data protection, tax and employment. It also reduces the costs and risks associated with retaining unnecessary information.
Right to Complain
You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
Client Confidentiality and Lexcel
The firm has achieved the Lexcel standard, the quality standard of the Law Society. As a result of this we are subject to periodic checks by outside assessors. This will mean that your file can be selected for checking and we require your consent for your file to be inspected. All inspections are, or course, conducted in confidence.
By signing below, you agree that we can show your file, if necessary, to our Lexcel Assessor. If you do not wish our Lexcel Assessor to view your file, then please advise us.
Consent to use of Data
I consent to the processing, disclosure and international transfer of information (including sensitive personal data) as described above. I consent on my own behalf and am duly authorised on behalf of any third party whose personal data I supply.
Consent on this occasion will extend to all future matters which we conduct on your behalf. Please contact us if we can explain this further or if you would like us to mark your file as not to be inspected.