Irvine Thanvi Natas (ITN) are committed to the protection and security of your data and privacy.
In order to provide legal services, including advice to you and representation, we need to collect, process and hold personal data. This includes our client’s personal data, as well as the data of third parties who may arise in matters on which we are instructed.
This privacy notice explains:
A link to this privacy notice will be provided when we send you a care letter. It will also be available on our website. It may be updated and we will write to you should we perform any substantive updates to its terms.
ITN Solicitors are a firm of solicitors. The solicitors and the firm act as “data controllers” for the purposes of data protection law. That means we are subject to data protection laws and owe duties to data subjects.
We are registered with the Information Commissioner’s Office (ICO), the relevant supervisory authority for data protection matters. The ICO has oversight over the manner in which we hold, process and respect data. As detailed below, you have rights to complain to the ICO about how we handle your data.
For your information, our relevant registration details with the ICO are as follow:
If you would like to contact the firm or any of our solicitors about this notice, please contact us at the address above or by email at email@example.com.
In the course of offering advice and representations (“legal services”), we process personal data of many types. This may include:
We are also likely to process what is known as “special category” data, a term used to indicate that particularly sensitive data might be processed. This includes information as to:
We process a range of such data, owing to the range of cases that we are instructed on. If you are interested in knowing the express categories of data processed in your particular case, please contact your solicitor.
The primary source of information we receive is directly from clients, to enable us to provide legal services. We also receive information from referral sources, who may have contacted us on behalf of clients and / or prospective clients. Other information may be obtained and collated from public sources, including subscription services. We do so to be able to provide legal services effectively and in full.
We process personal data about our clients, potential clients, individuals who feature in the matters on which we are instructed, witnesses, experts, opponents, counsel (also known as barristers), court staff, members of the judiciary and others ancillary to actual or potential proceedings.
Data protection laws (including the General Data Protection Regulation (GDPR)) requires data controllers to have a lawful reason (or “lawful basis”) to process personal data. Our lawful basis for processing are set out fully below.
We will use your data only for the purposes for which it was provided, save where we fairly consider that we need it for another reason. Any such reason will (1) be compatible with the original purpose and (2) ensure that our professional obligations to our clients do not prevent such use.
If we need to use your personal information for an unrelated purpose, we will advise you of this in advance and either get your consent or explain the alternative legal basis which allows us to do so.
You should be aware that we may process your personal information without your knowledge or consent. However, we will only do so where this is required or permitted by law.
Yes, we do so in order to offer effective and complete legal services. We would not be able to offer such legal services without sharing your information. We explain who we may share your data with below, as well as the reasons for that sharing (where not self-explanatory).
For the purposes of this notice (and further to our professional obligations of confidentiality and privilege to clients), we may provide your personal data to the following:
When the Practice engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Please note that we do not make any automated decisions with respect to your cases or management of your file.
We will not retain your data in any form that identifies you for longer than necessary. Unless the specific circumstances of your case require otherwise or you indicate otherwise, we will delete, destroy and / or anonymise your information around 7 years after the end of your case (or 7 years after the date of last payment / settling of fees).
We may also retain information for longer for audit purposes, or for legal / compliance reasons. However, should you exercise your rights to erasure over this data, we will oblige where necessary.
We are based in the United Kingdom. As such, your data is processed within the jurisdiction of the UK.
We do not often transfer data outside of the jurisdiction. We may however transfer your data to a location outside of the UK if we consider it necessary to do so (for example, for reasons related to the circumstance of your case or to a secure server).
In such cases, we will only transfer your data to an area to which an “adequacy regulation” applies or where the data transfer will be carried out under government approved Standard Contractual Clauses.
We have security measures in place to ensure appropriate security for your personal data. We seek to protect against unauthorised or unlawful processing, as well as protecting against accidental loss, destruction or damage.
We take the following measures to protect your data:
Although we take such measures we are not liable for losses caused by the acts of third parties, such as a malware attack on external serves which we could not prevent or by loss of information by a third party.
We passionately believe in the exercise of rights, whether over your data or any other fundamental right. Accordingly it is important for us to know that you understand the rights you have over your data. In particular:
You should note that these rights are not absolute and can be restricted in certain circumstances. There are instances where the rights will not be available, such as:
Further information about your rights are available on the ICO website: https://ico.org.uk/
We encourage you to review your cookie policies on our website and any other website you visit.
This notice is liable to change, as the data protection regime evolves. When we make significant changes, we will notify clients by email. We will also revise the published notice on our website, as well as keeping a record of the changes.
We are hopeful that you will not have a need to complain, as we take your data protection and privacy seriously. Indeed, we trust that you will be pleased by the approach taken in this notice. However, should you find it necessary to complain, we suggest that you contact the solicitor on your case in the first instance.
In the event that you are not satisfied with the resolution from your solicitor, please contact our data protection director on enquiries@ITNsolicitors.com. Our current data protection director is Mr Nadeem Thanvi.
Should Mr Thanvi be unable to resolve your matter, you have a right to complain to the regulator of information, the ICO. The ICO have online guidance on how to complain to them, here: https://ico.org.uk/make-a-complaint/.