About /

PRIVACY NOTICE

Background and introduction

 

Irvine Thanvi Natas (ITN) are committed to the protection and security of your data and privacy.


In order to provide legal services, including advice to you and representation, we need to collect, process and hold personal data. This includes our client’s personal data, as well as the data of third parties who may arise in matters on which we are instructed.

 

This privacy notice explains:

 

  1. Who we are
  2. What personal data we collect and store about clients and how we collect it.
  3. Why we collect personal data and what we do with it.
  4. How we retain information and how we keep it secure.
  5. Your rights and how to exercise them.
  6. How we can be contacted.

 

This privacy notice will be provided when we send you a care letter. It will also be available on our website. It may be updated and we will write to you should we perform any substantive updates to its terms.

 

 Who are we

 

ITN Solicitors are a firm of solicitors. The solicitors and the firm act as “data controllers” for the purposes of data protection law. That means we are subject to data protection laws and owe duties to data subjects.


We are registered with the Information Commission (IC), the relevant supervisory authority for data protection matters. The IC has oversight over the manner in which we hold, process and respect data. As detailed below, you have rights to complain to the IC about how we handle your data.

 

For your information, our relevant registration details with the IC are as follow:

Registration number: Z2150162

Registered address: Portsoken House, 155-157 The Minories, London EC3N 1LJ

 

If you would like to contact the firm or any of our solicitors about this notice, please contact us at the address above or by email at dataprotection@itnsolicitors.com

 

 What information do we process from our clients and about our clients?

  

In the course of offering advice and representations (“legal services”), we process personal data of many types. This may include:

 

  • Personal details, including contact details
  • Financial details
  • Business information
  • Family details
  • Education details

 

We are also likely to process what is known as “special category” data, a term used to indicate that particularly sensitive data might be processed. This includes information as to:

 

  • Criminal offences, convictions and allegations
  • Health
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Sexual history
  • Sexual orientation

We process a range of such data, owing to the range of cases that we are instructed on. If you are interested in knowing the express categories of data processed in your particular case, please contact your solicitor.

How do we collect personal data

 

The primary source of information we receive is directly from clients, to enable us to provide legal services. We also receive information from referral sources, who may have contacted us on behalf of clients and / or prospective clients. Other information may be obtained and collated from public sources, including subscription services. We do so to be able to provide legal services effectively and in full.

 

 Whose personal data do we process

We process personal data about our clients, potential clients, individuals who feature in the matters on which we are instructed, witnesses, experts, opponents, counsel (also known as barristers), court staff, members of the judiciary and others ancillary to actual or potential proceedings.

 

 Lawful basis for processing data

Data protection laws (including the UK General Data Protection Regulation (UK GDPR)) requires data controllers to have a lawful reason (or “lawful basis”) to process personal data. Our lawful basis for processing are set out fully below.

 

  • Contractual necessity – To fulfil our contractual duties to our clients or to enter into a contract with you.

 

  • Legitimate interests – Our legitimate interests in processing data include:

 

  1. To provide legal services, including advice and representation services to our clients.
  2. If the data subject is not our client, to provide legal services to our client from whom or on whose behalf we have collected that data.
  3. To carry out billing and administrative services, including collection of fees and disbursements.
  4. To deal with complaints and concerns that may arise, including any regulatory or legal proceedings.
  5. To provide training to junior staff, such as paralegals and trainee solicitors.
  6. To assess our performances and review our files.
  7. For banking and accounting purposes.
  8. For marketing purposes. Please note that we will not share information concerning you or from which you can be identified, without your consent or it is already publicly available. We may also email you regarding events, services or offers that you may be interested in. If you do not wish to receive such information, please do let us know. An “unsubscribe” button will be provided on any marketing email as well.
  9. For marketing purposes, where permitted by law. We may send existing clients information about our services, events or legal updates where this is allowed under the Privacy and Electronic Communications Regulations (PECR) and where it is justified by our legitimate interests. We will not send marketing emails to prospective clients without the appropriate consent. You may opt out of marketing communications at any time by contacting us or by using an unsubscribe option provided in marketing emails. 
  • Compliance with the law – We will process your data to comply with our legal requirements, including:

 

  1. To comply with regulatory obligations
  2. To comply with financial regulatory requirements, such as money laundering checks.
  3. To make statutory returns to HMRC for VAT and income tax purposes.


  • Special category data – We aim to keep clients updated with how and why we are processing their data. However, this is not always possible. Please therefore note that if we are unable to receive your express consent for processing special category data, we may process such data for:


 

  1. Reasons of substantial public interest.
  2. The purposes of establishing, exercising or defending legal rights.

 

We will use your data only for the purposes for which it was provided, save where we fairly consider that we need it for another reason. Any such reason will (1) be compatible with the original purpose and (2) ensure that our professional obligations to our clients do not prevent such use. A new data processing purpose is compatible with the original purpose where we have your consent and where the processing is for research or archiving purposes.

 

If we need to use your personal information for an unrelated purpose, we will advise you of this in advance and either get your consent or explain the alternative legal basis which allows us to do so.

 

You should be aware that we may process your personal information without your knowledge or consent. However, we will only do so where this is required or permitted by law.

 

 

  1. Do we share your personal data?

 

 

Yes, we do so in order to offer effective and complete legal services. We would not be able to offer such legal services without sharing your information. We explain who we may share your data with below, as well as the reasons for that sharing (where not self-explanatory).

 

For the purposes of this notice (and further to our professional obligations of confidentiality and privilege to clients), we may provide your personal data to the following:

 

  • Other members of our firm, within and outside of the department that dealt with your case. We may do so where, for instance, another department may be able to assist with an aspect of your case that the original department may not. Further, there may be follow up work required on your file.
  • experts with whom we are working. Note that we will not instruct such a professional without your consent, save where we cannot receive your consent (in which case, we may share your data on the other lawful bases cited above).
  • Management and administrative staff. Such staff will require your data to, for instance, open your case or to manage the firm.
  • Typing and secretarial services
  • Document Storage companies who we use to archive documents and files off-site pursuant to our professional obligations
  • IT providers, where access to our database is required to set up software or hardware systems or to resolve a technical issue.
  • Opposing legal representatives, as part of your case.
  • Accountants and banks.
  • Judges and court staff.
  • Public authorities, where our legal / regulatory obligations require us.
  • Our regulators, including the Legal Aid Agency and the Solicitors Regulatory Authority, in the event of a dispute or other legal matter. Our regulators may also conduct audits of our files or may require us to employ independent companies to audit us for regulatory and certification purposes. You can object to your file being passed to our regulators for auditing purposes or to any independent auditors we may be required to employ for those purposes. Please let us know if you object to this when we open your file.

 

  • Telecommunications Providers who provide our phone and internet services who may process data such as telephone numbers, IP addresses, times of use, voicemail messages and who also provide call recording facilities if requested by us which will be retained for a limited amount of time on our remote servers. a Telephone Answering Service -We use a trusted telephone answering service called MoneyPenny to help us manage the taking and processing of telephone calls. f your call is answered by MoneyPenny, they may take basic details such as your name, contact information and the reason for your call, so the message can be passed on to us. MoneyPenny only uses your information to handle your call and does not use it for any other purpose. Calls can be recorded and stored for a limited amount of time if we ask for calls to be recorded – the caller will be made aware that the call is being recorded should that occur 
  • Auditors and Assessors employed to ensure compliance with relevant Quality Standards such as Lexcel or the Specialist Quality Mark or other similar quality assurance standards.
  • Any other party where we have your consent to do so.

 

When the Practice engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

 

Please note that we do not make any automated decisions with respect to your cases or management of your file.

 

  1. How long do we hold your personal data

 

We will not retain your data in any form that identifies you for longer than necessary. Unless the specific circumstances of your case require otherwise or you indicate otherwise, we will delete, destroy and / or anonymise your information around 7 years after the end of your case (or 7 years after the date of last payment / settling of fees).

 

We may also retain information for longer for audit purposes, or for legal / compliance reasons. However, should you exercise your rights to erasure over this data, we will oblige where necessary.

 

  1. Do we transfer data outside of the UK?

 

We are based in the United Kingdom. As such, your data is processed within the jurisdiction of the UK.

 

We do not often transfer data outside of the jurisdiction. We may however transfer your data to a location outside the UK if we consider it necessary to do so (for example, for reasons related to the circumstances of your case or to a secure server).

 

In such cases, we will only transfer your data to an area to which an ‘adequacy regulation’ applies or where the data transfer will be carried out under government approved Standard Contractual Clauses.

 

In such cases, we will only transfer your personal data to countries which are subject to UK adequacy regulations, or where appropriate safeguards are in place, including the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standards Contractual Clauses, as applicable. 

 

  1. How do we keep data secure?

 

We have security measures in place to ensure appropriate security for your personal data. We seek to protect against unauthorised or unlawful processing, as well as protecting against accidental loss, destruction or damage.

 

We take the following measures to protect your data:

 

  • Only authorised staff of the firm will have access to your data as held by us. Staff will have access only to the data necessary for the purposes to which they have been given access.
  • All persons who have access within the firm will do so in adherence to the law and this notice. All such persons also understand their professional duties of confidentiality and legal professional privilege.
  • We use secure browsers to protect malware or other unintended intrusions into our database.
  • When the Practice engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
  • Our offices are monitored by a CCTV system (Blink) for the purposes of safeguarding staff, clients and property. The lawful basis for this processing is our legitimate interests in maintaining security. CCTV footage is retained for a limited period and accessed only where necessary, such as for the investigation of incidents or security concerns.”

Although we take such measures we are not liable for losses caused by the acts of third parties, such as a malware attack on external serves which we could not prevent or by loss of information by a third party.

 

Your rights

 

We passionately believe in the exercise of rights, whether over your data or any other fundamental right. Accordingly it is important for us to know that you understand the rights you have over your data. In particular:

  • Right to access – You have a right to ask for the personal data we hold about you. We will ask for proof of identity before acceding to such a request, to preserve your privacy. However, once we are satisfied as to your identity, we will provide you with your personal data without undue delay and in any event within one month, as required by data protection law.  Where a request is complex or multiple requests are made we may extend this period by up to two further months and will inform you of this within one month of receipt of the request. If we may take longer, we will let you know and explain the reasons for the same. We will not charge you for such a request, unless we reasonably consider your request to be excessive or repetitive. We will also charge administration fees should, for example, we require to take your information out of storage or archive. We also reserve the right to refuse a request if we reasonably consider it to be unfounded, repetitive or excessive.
  • Right to be informed – The notice provides the information you need about how we collect and use your data. If you require any further information, please contact your solicitor or our data protection partner, Nadeem Thanvi, at datprotection@itnsolicitors.com
  • Right to rectification – If you consider that any information we hold is inaccurate, please let us know and we will take steps to rectify it.
  • Right to erasure – In certain circumstances, you have the right to have personal data that we process blocked, erased and destroyed.
  • Right to object and restrict – You can ask for your processing of your personal data to be restricted, for example for marketing purposes. You can also object to the processing of your data entirely but this will affect the service we are able to offer.
  • Right to portability – You can request your data to be “ported” to another platform, in certain circumstances.

 

You should note that these rights are not absolute and can be restricted in certain circumstances. There are instances where the rights will not be available, such as:

  • If the request would interfere with our professional obligations to respect legal professional privilege.
  • We will also need to consider the effect of any right against the effect on:
    1. Legal proceedings (including prospective proceedings);
    2. Obtaining legal advice;
    3. Defending other legal rights.

 

Please contact your solicitor or our data protection director if you have any further questions. Our data protection director can be contacted at dataprotection@itnsolicitors.com

 

Further information about your rights are available on the IC website: https://ico.org.uk/

 

 Cookies

 

Our website uses cookies. We have a separate policy on cookies, available here:

 

 We encourage you to review your cookie policies on our website and any other website you visit.

 

 Changes to this notice

 

This notice is liable to change, as the data protection regime evolves. When we make significant changes, we will notify clients by email. We will also revise the published notice on our website, as well as keeping a record of the changes.

 

 Complaints

 

If you have concerns about how we handle your personal data, you have the right to complain directly to us. 

 

You can raise a complaint by contacting:  

 

Nadeem Thanvi – Data Protection Partner 

Email: dataprotection@itnsolicitors.com

Post: ITN Solicitors, Portsoken House, 155-157 The Minories, London EC3N 1LJ

 

We will acknowledge your complaint within 30 days and will investigate and respond as soon as reasonably possible. 

 

If you are not satisfied with our response, you have the right to raise your concerns with the Information Commission, the UK data protection regulator. 

 

Further information about how we handle data protection complaints is available on request. 

Should Mr. Thanvi be unable to resolve your matter, you have a right to complain to the regulator of information, the IC. The IC have online guidance on how to complain to them, here: https://ico.org.uk/make-a-complaint/.