Chattertons* take the protection of your personal information very seriously and we have controls in place to ensure that the information you entrust to us will be held securely and processed in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018).
Chattertons* ("we" "our" or "us") processes personal data of a number of different categories of individuals where we are the Data Controller. This information is provided to individuals whose data we process ("you" or "your") to comply with our obligations under Articles 13 and 14 of the GDPR.
This policy sets out the information you need to know to understand how we will process and protect your information.
Below we shall refer to the ‘Data Subject’, this is the individual whose personal information we hold; they could be our employees, prospective employees, clients, beneficiaries, attorneys, suppliers or other identifiable individual.
Who are we?
The Data Controllers are Chattertons Legal Services Limited, Chattertons Wealth Management Services Limited or Chattertons Trustee Corporation Limited depending on the type of service you have asked us to provide. The initial documentation we send to you will make clear which company you are engaging with. Our full contact details can be found at the end of this policy.
Why do we need your information?
We need your personal information to allow us to offer our services to you and to comply with our legal and fiduciary duties. Personal information may be collected and processed for the following purposes:
- providing legal services
- providing wealth management and financial services
- providing services to beneficiaries and attorneys
- related purposes such as updating and enhancing client records
- analysis and reporting to help us manage our business
- statutory and regulatory returns and compliance
- managing security and risks in our business
- professional indemnity insurance
We may disclose the above information to our service providers, agents or other trusted third parties for these purposes.
What Information do we capture?
Chattertons collects information through face to face meetings, completing fact-finds and other relevant forms and documentation relating to the service we are providing. We also capture information through our website www.chattertons.com. We will only collect relevant information necessary to allow us to provide our service to you, or discharge our legal responsibilities. The information we collect will include:-
- personal information including name and contact details, such as address, email and telephone number
- Information about your particular circumstances and the matter you have asked us to deal with, which may include certain pieces of sensitive “special category” information
- We may ask about medical conditions in order that we can tailor services to your needs, and in the event of an emergency may pass this to the emergency services
- Financial information such as bank details and wealth management information as well as bank statements for anti-money laundering and regulatory requirements.
This list is not exhaustive and other relevant information may be captured as part of our relationship.
Legal Bases for processing your data
Under GDPR we are required to clearly document our legal bases for processing your personal data. These bases are contained in Article 6 of the GDPR. The key ones that apply are:
- Article 6 (a) the individual has given clear consent to process their personal data for a specific purpose. We obtain consent for marketing purposes or where we need to store particularly special category data.
- Article 6 (b) the processing is necessary for a contract. We need your data in order to deliver our service/ "contract" to you.
- Article 6 (c) Legal obligation: the processing is necessary to comply with the law (not including contractual obligations).
- Article 6 (d) the Vital Interest basis may apply in a "life or death" situation.
- Article 6 (f) Legitimate Interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. We would consider that we have a legitimate interest in processing your data to provide our services detailed in the contract between us.
Legal Bases for processing your Special Category Data
In the course of us dealing with your case you may also supply us with Special Category Data, which is personal data about your racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, sexual life, sexual orientation, biometric or genetic data.
Any use of Special Category data will be strictly controlled in accordance with our data protection policies and is gathered for the purpose of progressing your matter. For example, you may tell us about your health if we are conducting a personal injury claim for you or your employment records may be required for an employment case.
Under GDPR we are required to clearly document our legal bases for processing your Special Category data. These bases are contained in Article 9 of the GDPR. The key ones that apply are
- Article 9 (a) the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject. We will only obtain consent for processing Special Category Data where Article 9 (f) does not apply.
- Article 9 (b) processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject.
- Article 9 (f) ãÂÂprocessing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity
We do not actively market to children, and we never knowingly ask a child to reveal personal information. Personal information on minors is sometimes required to allow us to offer specific services relevant to the matter for which we are providing advice. However, information will always be obtained from, and permission requested from a parent or guardian or other appropriate adult.
Employees & Job Applicants
We will collect all personal information required to comply with employment legislation and if relevant, to make reasonable adjustments at the recruitment stage. This information may include where necessary sensitive "special category" data. This may include medical information and where appropriate we will perform a criminal record search. To prevent discrimination, and ensure diversity we will request information from the Data Subject on religion, sexuality and ethnicity in order to comply with our regulatory requirements.
In order to prevent and detect crime, and to ensure the safety of our clients and staff, we operate CCTV systems at various locations. These cameras record footage in real-time and are operated and controlled by our own IT staff. Monitoring and recording does not take place in any personal areas and any recordings are kept securely and only accessed by authorised members of staff.
How we process your information
We will only use your personal information for the purpose for which it was given, we will not keep it for longer than is necessary and will destroy the information securely according to our formal data protection policy.
In order to process your personal data obtained on the website and financial transactions we use trusted and authorised secure third party websites. Personal or sensitive "special category" information is not held on the website or shared by third parties including any outside of the UK.
How long we store your information for
We have a retention policy which details how long we keep records. In line with data protection requirements we will only keep your personal data for as long as necessary in accordance with business and regulatory needs. Our normal retention period is 6 years from the date your file is closed unless our regulatory requirements stipulate otherwise, in which case we may keep your file for longer if there is a valid reason for doing so. For further information please contact your advisor.
Where we store your information
Your personal information will be hosted securely within the UK with the exception of our survey provider. If we transfer your information to a data processor, for example, an email broadcast company to assist us in keeping you up-to-date with announcements, news and information, and they are located outside of the EEA, we shall take all reasonable steps to ensure that your information is protected as if we hosted it ourselves. No information about your matter is transferred or backed up outside of the UK.
We will not transfer personal data relating to you to a country which is outside the European Economic Area unless:
- The country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;
- Appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 by us or by our client (on whose behalf we would transfer the data); or
- One of the derogations for specific situations under GDPR Article 49 is applicable to the transfer. These include (in summary):
- The transfer is necessary to perform, or to form, a contract to which we are a party: with you; or a third party where the contract is in your interests;
- The transfer is necessary for the establishment, exercise or defence of legal claims;
- You have provided your explicit consent to the transfer; or
- The transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.
Who we share your information with
Your information may be shared within the Chattertons Group, which is comprised of:
- Chattertons Professional Services Limited
- Chattertons Legal Services Limited
- Chattertons Wealth Management Limited
- Chattertons Trustee Corporation Limited
- Chattertons Holdings Limited
It may be necessary to share information between our group companies for example, if you engage with us to provide you with legal services it may be necessary to share your information with our wealth management company or vice versa. We will only do this with your permission. It may also be necessary for your information to be shared with Chattertons Trustee Corporation should that be necessary to progress your matter.
We may need to share your information with trusted third parties and professionals such as (but not limited to) experts, barristers, or other legal counsel, estate agents and insurers. This will only be done to fulfil the contract for which we are providing services to you.
We will never share or sell your personal information to any other third party. We will only share your personal information with another third party where we are required to do so by court order or law. For example, we may be required to pass names of clients or images from CCTV to the police to investigate a crime. We may also need to share your information with our bank or our regulators to comply with anti-money laundering and regulatory obligations.
If we are the subject of a merger or takeover then your personal information will be passed to the new entity, but it will only be used for the same or similar purpose you gave it for. Similarly if the name of our legal entities change you will be informed of the change and given the opportunity to withdraw consent.
Marketing consents and permissions
We may wish to keep you informed of our activities, events and relevant sector updates, but will only do so with your express permission. When you engage with Chattertons*, you will be invited to opt-in to receiving information by your preferred marketing channel, this includes email, Post, text message (SMS) and telephone.
You have a right to change, amend or withdraw your consent to receive direct marketing messages at any time. You can ask us to update or correct your personal information or ‘opt out’ of our marketing mailing list at any time by contacting us:
- By post: Risk and Compliance Department, Chattertons, 9 Broad Street, Stamford, PE9 1PY
- By email: email@example.com . You can also opt out by clicking on the unsubscribe link in any marketing email we send to you.
Your information will be used in accordance with UK and EU Data Protections law and we have robust systems and controls in place to keep your information safe.
We do not store any personal data in the cookies that we use, and store your information anonymously to assist us in the running of the site, and also for monitoring the activity and traffic both to and through our website. To do this we use Google Analytics cookies.
Depending on the browser you use you should be able to control what cookies are placed on your device through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
We use Google Analytics to analyse the use of our websites; Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' devices. The information generated relating to our website is used to create reports about the use of our website. Details captured during your visit will include, but not limited to, traffic data, location data, weblogs and other communication data and the resources you access, however, all data collected is anonymous and will not identify you as an individual.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout
Your rights as the data subject
You have certain rights under existing data protection laws and these are listed below for your convenience:-
- You have the right to have a copy of the information which we hold on you. Unless there is a legitimate reason why you cannot make the application in writing, your request should be addressed in writing by letter or email, to the Data Protection Officer shown below.
- You have a right to object to processing that is likely to cause, or is causing you damage or distress.
- You have a right to prevent processing for direct marketing; simply email or call us as described above and we will stop sending marketing materials to you.
- You have a right to object to decisions being taken by automated means; although I can confirm we make no decisions on you using an automated process.
- You have the right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete
- You have the right to erasure/"right to be forgotten": where the processing of your information is based on your consent, the right to withdraw that consent and the right to request that we delete or erase your personal information from our systems (however, this will not apply if we do not rely on your consent to carry out the processing or if we are required to hold on to the information for compliance with any legal obligation or if we require the information to establish or defend any legal claim);
- You have the right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
- You have the right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible
- You have a right to claim compensation for damages caused by a breach of the Data Protection Act.
As Chattertons Legal Services Limited are a firm of solicitors, we are not required to give you information in certain circumstances where personal data we process is collected and processed by us in the context of our work advising and representing our client.
Article 14 of the GDPR states that it is not necessary to supply information about the data we process where that information has not been received from the individual concerned and where the personal data concerned must remain confidential subject to an obligation of professional confidentiality regulated by English law.
In addition, we are exempt from providing information about disclosures of personal data to us or by us where the disclosure is:
required by an enactment, a rule of law, or an order of a court;
necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings);
necessary for the purpose of obtaining legal advice or otherwise establishing, exercising or defending legal rights.
processing of personal data that consists of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings.
Other exemptions may apply which relate to the matters on which we are asked to advise our clients.
Data Protection Officer Contact details
Data Protection Officer
Address: 5 South Street, Horncastle, Lincolnshire, LN9 6DS
Tel: (01507) 528137
ICO registration details:
Chattertons Professional Services Limited ICO Registration No. ZA178529
Chattertons Legal Services Limited ICO Registration No. ZA178514
Chattertons Wealth Management Limited ICO Registration No. ZA178941
Chattertons Trustee Corporation Limited ICO Registration No. ZA178943
Chattertons Holdings Limited ICO Registration No. ZA777729
If you are unhappy with how we have processed your personal information please firstly contact the
Data Protection Officer listed above, if you are still unhappy you may contact the following:
Information Commissioner's Office
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 1625 545 745
*Chattertons Company Information
Chattertons Holdings Limited is the holding company for Chattertons Trustee Corporation limited, Chattertons Legal Services Limited, Chattertons Wealth Management Limited and Chattertons Professional Services Limited.
Chattertons Holdings Limited is registered in England and Wales Company No. 12030573
Chattertons Professional Services Limited is registered in England and Wales Company No. 09949528.
Chattertons Professional Services Limited is the holding company for Chattertons Trustee Corporation limited, Chattertons Legal Services Limited and Chattertons Wealth Management Limited.
Chattertons Professional Services Limited is registered in England and Wales Company No. 09949528.
Chattertons and Chattertons Solicitors are trading styles of Chattertons Legal Services Limited. Registered in England and Wales. Company No. 09919910. Licensed and regulated by the Solicitors Regulation Authority. SRA No. 631531.
Chattertons Wealth Management Limited is registered in England and Wales. Company No.09919918. Authorised and regulated by the Financial Conduct Authority. FCA No. 766148.
Chattertons Trustee Corporation limited is registered in England and Wales. Company No. 09919672. Licensed and regulated by the Solicitors Regulation Authority. SRA No. 631484
Registered Office: 5 South Street, Horncastle, Lincolnshire, LN9 6DS.