In order to manage our business and provide our services to customers, as solicitors working on your behalf RHL Solicitors (we, us, our) collect a certain amount of personal data. “Personal data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information.
This Data Protection Notice sets out the basis on which we gather, use, disclose and process any personal data we collect from You, or that You provide to us. We will use Your personal data only for the purposes and in the manner set forth below which describes the steps we take to ensure our processing of Your personal data is in compliance with the General Data Protection Regulation ((EU) 2016/679) (the GDPR) and any implementing legislation.
Please read the following carefully to understand our use of Your personal data.
Your Right to Object – Please note that You have a right to object to the processing of Your personal data where that processing is carried out for our legitimate interests.
- What Personal Data we May Collect about You?
In order to provide legal advice and/or deal with any claims or complaints, we need to collect and process personal data about You. If You do not provide the information we need, we may not be able to provide our services to You. The types of personal data that are processed may include:
Category Types of Data collected Individual details Name, address (including proof of address), other contact details such as email address and phone number, gender, marital status, date and place of birth, nationality, marketing preferences, IP address, bank account details or payment card details, vehicle details, relevant criminal convictions, penalty points, employer, job title, passenger and family member details, including their relationship to You. Identification details Identification numbers issued by government bodies or agencies, including Your driving license number and photographs identifying You. Special categories of personal data and criminal convictions data Certain categories of personal data which have additional protection under EU data protection law. These categories are health and criminal convictions. Claims information Information about previous and current claims, (including other unrelated insurances), which may include data relating to Your health (e.g., injuries and relevant pre-existing conditions), relevant criminal convictions, or other special categories of personal data mentioned above.
- The Purposes of, and Legal Basis for, the Processing of Your Personal Data
We hold, disclose and process Your personal data in order to provide you with legal advice in accordance with our contract and to take steps at Your request prior to entering into a contract. This includes using Your personal data for:
- Initial discussions;
- Legal Advice;
- Progression of your legal case;
- Arrangement of any third party consultations or investigations;
- Clarifying the availability of before the event insurance
- Arrangement of after the event insurance
- Settlement of your legal case.
We may also use Your personal data where:
- it is necessary to comply with our legal and regulatory obligations (for example, complying with reporting obligations to the Financial Conduct Authority, National Crime Agency, The Law Society, Solicitors Regulation Authority or other applicable regulatory authorities)
- it is necessary to support our legitimate interests in managing our business, including in connection with (i) the administration of Your claim, (ii) improving our services (iii) prevention and detection of crime, (iv) transferring books of business, company sales and reorganizations; (v) analytics, provided in each such instance, they are not overridden by Your interests and rights; and (vii) obtaining after the event insurance; and/or
- You have consented to processing Your information in such a way
- Criminal Convictions
We may hold, use, disclose and process personal data relating to relevant criminal convictions and offences for the purposes identified above, where necessary to comply with our legal and regulatory obligations, or where necessary to support our legitimate interests. We will only carry out such processing where it is authorised by European Union (EU) or Member State law.
- Special Categories of Personal Data
We hold, use, disclose and process special categories of personal data (e.g., Your health data) where:
- You have given us Your explicit consent;
- the processing is necessary to protect Your, or another’s vital interest;
- You have manifestly made Your personal data publically available;
- the processing is necessary for the establishment, exercise or defence of legal claims; or
- necessary for reasons of substantial public interest on the basis of law
- Who We Share Your Information with
In order to provide our services and to comply with legal obligations imposed on us, it may be necessary from time to time for us to disclose Your personal data to third parties, including without limitation to the following:
- With our agents and third parties who provide servicesto us, Your insurer eg an intermediary You may use and other insurers (either directly or via those acting for the relevant insurer) to help us administer our products and services;
- with regulatory bodies and law enforcement bodies (where we are required to do so to comply with a relevant legal and regulatory obligation);
- legal, financial, medical and other professional advisors;
- with the insurer’s reinsurers, who provide reinsurance services to the Insurer. Reinsurers will use Your data to decide whether to provide reinsurance cover, assess and deal with reinsurance claims and to meet legal obligations. Reinsurers will keep Your data for the period necessary for these purposes and may need to disclose it to other companies within their group, their agents and third party service providers, law enforcement and regulatory bodies. To the extent the reinsurer is a member of the Insurer group and is subject to the GDPR, the reinsurer will process Your personal data where in its legitimate interests to do so. For further information please request the details of the relevant reinsurer from us via the contact details set out in section 10.
- Transfer of Personal Data outside the EEA
The personal data we collect from You may be transferred to, and stored at a destination outside of the European Economic Area (EEA) for purposes described above. These countries may not provide an adequate level of protection in relation to the processing of Your personal data. Due to the global nature of the company who own the servers that we utilise for our business, Your personal data may be disclosed to members of our group outside of the EEA, including in particular Switzerland, Bermuda and the U.S. However, to ensure that Your personal data receives an adequate level of protection we have ensured that the following appropriate safeguards are in place to protect the privacy and integrity of such personal data:
- Model Clauses: standard clauses in contracts with our above listed third parties to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law. Copies of these clauses are available if you require them, please contact us using the details in section 10; and
- EU/Swiss-U.S. Privacy Shield: an agreement between the EU and the Governments of Switzerland and the US concerning the treatment of data concerning EU citizens. Some of the relevant third parties are certified under the EU/Swiss-U.S. Privacy Shield.
- How Long we Keep Your Personal Data
We are required to ensure that Your personal data, is accurate and maintained in a secure environment for a period of time no longer than necessary for the purposes for which we are processing Your personal data.Information submitted for an initial discussion where you did not proceed with a claim or utilise our legal services may be retained by us for a period of up to 6 years from the date of the initial discussion.Where You proceed with your claim, information will be held for the duration of Your claim remaining active and a period of 6 years after the end of our relationship. We keep information after our relationship ends in order to comply with applicable laws and regulations and for use in connection with any subsequent legal claims.
- Your Data Rights
You have several rights in relation to Your personal data. You have a right to:
- access a copy of Your personal data held by us;
- request rectification of Your personal data if it is inaccurate or incomplete;
- request erasure of Your personal data in certain circumstances;
- restrict our use of Your personal data in certain circumstances;
- move (or port) personal data which You have given us to process on the basis of Your consent or for automated processing;
- object to the processing of Your data where our legal basis for processing Your data is our legitimate interests; and
- not to be subject to a decision based on automated processing, including profiling which has legal or similar significant affects.
However, these rights may not be exercised in certain circumstances, such as when the processing of Your data is necessary to comply with a legal obligation or for the exercise or defence of legal claims. If You wish to exercise any of Your rights in this regard please contact us using the details in Section 10. We willrespond to Your request in writing, or orally if requested, as soon as practicable and in any event not morethan one month after receipt of Your request. In exceptional cases, we may extend this period by two months, and if we do this we will tell you why. We may request proof of identification to verify Your request.
- Consequences of Failure to Provide Information
If we or any of the parties detailed above cannot collect information requested from You, it may make it difficult, impossible, or unlawful for us to give You advice on, provide You with, and administer our legal services.If we or any of the parties listed above ask for information and You do not wish to give it to us, or if You wish to withdraw consent to the use of Your personal data, we will explain the consequences based on the specific information concerned including whether it is a legal or contractual requirement that we use such data. If You have any queries in respect of the consequences of not providing information or withdrawing Your consent, please contact us using the details in Section 10.
- Further Information
If You require any further information about how we use Your data or if You want to exercise any of Your rights under this Data Protection Notice, please contact the Insurer and Intermediaries as listed below:
RHL Solicitors contact details RHL Solicitors
2440 The Quadrant
RHL Solicitors Limited, a company registered in England and Wales under company number 09683298
Authorised and Regulated by the SRA under number 625566.
- Your Right to Complain to the ICO
If You are not satisfied with our use of Your personal data or our response to any request by You to exercise any of Your rights in Section 8, You have the right to lodge a complaint with the Information Commissioner’s Office. Please see below contact details:
England Information Commissioner’s Office
Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
Scotland Information Commissioner’s Office
45 Melville Street
Phone: 0303 123 1115
Wales Information Commissioner’s Office
Phone: 029 2067 8400
Northern Ireland Information Commissioner’s Office
14 Cromac Place
Phone: 0303 123 1114 (local rate) or 028 9027 8757 (national rate)