Morgan Trusts & Tax Planning Limited (Solicitors):
From time to time we may need to make changes to our policy. The latest version will be shown on our website, www.morgan-ttp.co.uk. If we make any major changes, such as how your personal data will be processed, we will contact you directly.
Should you have any queries about this Policy, or the information we collect or use about you, please contact us by e-mail on firstname.lastname@example.org or by writing to James Morgan, The Data Protection Lead, at Morgan Trusts & Tax Planning Limited, 7A King Street, King’s Lynn, Norfolk, PE30 1ET.
How we obtain your personal data
Your personal data and the information that we collect from you:
In order that we can act for you in an efficient and appropriate manner, we need to gather your personal information. Morgan Trusts & Tax Planning Limited are authorised and regulated by the Solicitors Regulation Authority, part of which requires us to ‘know your client’. It is therefore important that as part of our initial and ongoing advice process, we gather all of the information that will enable us to provide you with the best possible legal services solution.
This information will usually be recorded by your legal adviser and supplemented in meetings or by file notes. The information that we will collect and use includes:
- Sensitive personal information, for example, bank account details, tax records and national insurance number. We will only collect the information that is needed to provide the service you have requested, or to comply with our legal obligations
- Personal details such as your name, address, date of birth, and how we can contact you
- Family details, such as children and dependants
- Your financial details, such as income and expenditure, your assets and liabilities and bank account details
- Information about any existing or previous Wills
- Copies of documents that we use to verify your identity in compliance with Anti-Money Laundering regulations, e.g. passport or driving licence
During the period in which we provide you with legal services, we may gather this information from you in a number of ways:
- At a meeting between you and your legal adviser or another member of the Morgan Trusts & Tax Planning Limited team
- During telephone conversations with us
- By e-mails or letters that you send to us
Information that we collect from other sources:
We may obtain personal information about you from other sources, such as:
- When an existing client or another professional, such as your accountant or financial adviser, recommends our services to you. However, this would only occur if you had permitted the other party to pass this information to us. The personal information would be restricted to essential information such as contact details and a general idea of the area of legal advice in which you are interested
- Where you are not able to provide us with full or up to date information about your existing legal advice we will as necessary, with your authority, contact other advisers. It may, with your authority, also be necessary to ask another legal adviser for your previous file and any appropriate stored documents
How we use your personal data
We use your personal data to:
- Provide you with legal advice
- Arrange legal matters on your behalf, such as production of a Will
- Administer, intermediate and report on legal services
- Comply with regulatory and legal requirements
- Handle any complaints
Your data may be gathered, recorded, stored, transferred, posted or submitted in various formats:
- Electronically, for example our ‘back office’ storage system is computerised. The majority of business transactions are conducted electronically and we send and receive emails and text messages
- Telephone conversations are recorded by written notes
- In paper format, such as letters and reports sent and received by Royal Mail or other delivery providers
We undertake to protect your personal data at all times, in a manner which is consistent with our duty of professional care and the requirements of the General Data Protection Regulation (GDPR) and any subsequent data protection legislation. This includes taking reasonable security measures to protect your personal data in storage.
We will only ever collect and use information which is personal to you where it is necessary, fair and lawful to do so. That is to say, we will only do so where:
- You have given us permission to obtain and process this information to enable us to provide the service that you are interested in. Where we need to obtain and process sensitive personal information, for example, relating to your medical information, we will obtain your explicit consent to do so using a data protection authority consent form, specifically designed for that purpose
- It is necessary to enable us to provide the services that you are interested in, for example if you want us to provide you with a Will, we will require information which will include your name, address, date of birth, financial situation, details of the beneficiaries and executors etc
- The processing of information is necessary for us to carry out your requirements, such as producing an LPA (Lasting Power of Attorney) for you and then registering with The Court of Protection
- Another example is where you wish us to provide an ongoing legal service; we would need to review the information that we hold to make sure that our advice to you remains suitable and if not, to recommend appropriate changes
We are required to process information to meet legal or regulatory obligations, such as:
- It is a requirement of our regulatory body, the Solicitors Regulation Authority (SRA), that we gather appropriate information from clients and potential clients and retain it for specified lengths of time
- We must comply with anti-money laundering regulations, which require us to collect and retain documentary evidence of identity and source of wealth
- It is in the legitimate interests of Morgan Trusts & Tax Planning Limited, in order that we can manage our business effectively, understand our clients and offer good service
At least one of the above basis will apply whenever we process your personal data.
Use of your information for marketing purposes:
We do not normally send out marketing information, but there may be a time when we think it appropriate to inform you of things which we believe may be of interest or benefit to you, for example a relevant change in the law. The data protection legislation allows this as part of our legitimate interest in understanding our clients and improving the services that we offer.
If you do not wish us to collect and use your personal information in these ways, or where you decline to give your explicit consent to process sensitive personal information such as details about your health, it may mean that we will be unable to provide you with our services. Details of your rights under data privacy law are included in the section below entitled ‘Your rights as an individual.’
Sharing information with third parties:
Where necessary, we may share your information with third parties for reasons outlined in ‘How we use your personal data’, and on the understanding that they keep the information confidential. These third parties include:
- Companies we have chosen to support us in the delivery of the services we offer to you. These include data and administration systems, technological support, cyber security etc
- Accountants, Solicitors and Financial Advisers with your permission
- Regulators and supervisory authorities such as the SRA, the Information Commissioner’s Office for the UK (the ICO) and The Legal Ombudsman
- Law enforcement, credit and identity check agencies for the prevention and detection of financial crime
- HMRC to obtain for example a Grant of Probate or to comply with tax legislation
Please rest assured that whenever we share your personal information, we do so in line with our obligation to keep your data safe and secure. We will never sell your details to someone else.
Where your information is processed
All countries within the EU must ensure the same high standard of data protection; countries outside of the EU may not provide the same level of legal protection in relation to your personal data.
‘Data controllers’ and ‘data processors’
There are also third parties that we may deal with where we are the sole ‘data controller’ and they are the ‘data processor’. An example would be a company such as Disclosure and Barring Service (criminal records) checks. Although processors still have legal obligations under the General Data Protection Regulations, the ‘data controller’ should ensure that these obligations are being met. Accordingly, we would look to put in place contracts to make sure that your information is protected to at least an equivalent level as would be applied by UK / EU data privacy laws.
Data processing outside of the EU
The third parties with whom we deal may be global corporations, with branches located around the world. For example, our primary data management system provider, Advanced Computer Services Limited (for Solicitors), has a sub-processor based in India, as well as the UK. Although your data is held on our server and in the Advanced data centres based in the UK, there may be occasions where Advanced needs to rely on colleagues based outside of the EU, for example, to resolve a particular product support query. Access to data (hosted in the UK) is controlled by UK resources who will only grant access to resources in India on a role basis – i.e. Roll-Based Access Control (RBAC). In such situations, there is a possibility that Advanced personnel based in branches outside of the EU could access your personal data for the purposes of resolving such an issue. Advanced have Contracts in place with contractual clauses and GDPR compliant Data Protection clauses signed by the sub-processor and Advanced have systems in place to ensure that your data would be protected.
How we protect your information
Wherever personal information is collected, stored or processed in any way, we have written procedures and safeguards in place to protect its security. Likewise, controls are in place to minimise loss or damage by accident, negligence or deliberate actions. All our employees are regularly trained in data security, and it is a requirement that measures are in place to protect sensitive or confidential information. Clients may also request that information be encrypted when it is stored or transmitted electronically. The identity of an unknown enquirer is always established through the use of security questions, whether the enquiry is made or received and whether the method is the telephone or an electronic communication. Monitoring systems are in place to ensure that this happens.
How long do we keep your information?
Please note that we are required to keep your personal information for specified periods of time to comply with legal and regulatory obligations, even after you cease to be a client. The length of time varies depending on these obligations, for example:
- HMRC requires records relating to business tax purposes to be kept for a minimum period of 6 years
- The government requires Pension Trustees to retain relevant records 5 years after the last filing deadline
- The Pensions Regulator requires certain information about pension schemes, and employee pension scheme records, to be retained for a minimum period of 6 years
- The SRA requires firms to retain records relating to some types of legal services for up to 6 years, for example Powers of Attorney files and for other types of legal services up to 15 years, for example Probate files. We have a policy of retaining this information for much longer than the SRA minimum due to the fact the nature of Morgan Trusts & Tax Planning Limited’s legal business is to build vital tax records and financial records for clients with whom we have an ongoing client relationship. We keep Wills files indefinitely
Morgan Trusts & Tax Planning Limited may also keep relevant records for longer than the minimum periods stated, so that it may investigate and provide evidence in the event of an alleged complaint. This may be up to 12 years after the point of advice, or 12 years after a contract has ceased. The rationale behind this time frame is that an allegation may be made up to 12 years after the occurrence, or up to 3 years after the complainant becomes aware (or could reasonably have been aware) of the occurrence.
Your rights as an individual
You have several rights under data protection legislation regarding how Morgan Trusts & Tax Planning Limited uses your information. These are:
The right to be informed
The right of access
You have the right to access your personal information. If you wish to receive a copy of the personal data we hold about you, you may make what is referred to as a data subject access request by writing to the Data Controller at Morgan Trusts & Tax Planning Limited. We will respond promptly to any such request and in any event not later than one month from the date of receipt of the request (subject to us having the necessary information and authority in place from you to facilitate this request).
The right to rectification
You are entitled to have personal information rectified, if it is inaccurate or incomplete. Please notify us if this is the case, and we will correct this at the earliest opportunity. In most cases this will be within one month, but may take up to three months if the rectification is particularly complex.
The right to erasure
You have a right to ask for your information to be deleted or removed, however there may be circumstances where we are unable to comply with your request, for example if there is a legal or regulatory obligation to hold onto that information.
The right to restrict processing
You may ask that we block or suppress the processing of your personal information for certain reasons, such as where we no longer need the personal data, but you require it to establish, exercise or defend a legal claim. In such a situation we would still keep the information, but we would ensure that we would not use it in the future for the reasons stated.
The right to data portability
You have a right to receive your personal data in a ‘structured, commonly used and machine readable form’ to enable you to move, copy or transfer the information from one IT environment to another in a safe and secure way. For example, you might want to transfer this data to another solicitor. Morgan Trusts & Tax Planning Limited will comply with any such request.
The right to object
You can object to Morgan Trusts & Tax Planning Limited processing your personal information where the basis for processing is for our legitimate interests. (Please refer to ‘How we use your personal data’ for further information). However, you do not have the right to object where we are processing your data on the basis of either fulfilling a contract, or to satisfy a legal or regulatory obligation.
Where the legal basis under which Morgan Trusts & Tax Planning Limited is processing your data is because you have given us consent, you do not have the right to object but you can withdraw your consent. Please note that this may result in our being unable to provide you with any further service.
The right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing which may lead to an automated decision based on your personal data.
What to do if you have a complaint