Data & Privacy policy
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use your personal data we are regulated under the EU General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK and EU legislation and our professional duty of confidentiality.
Key terms
It would be helpful to start by explaining some key terms used in this policy:
We, us, our Credito Group - Our data protection officer
Personal data - Any information relating to an identified or identifiable individual
Special category personal data - Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
Genetic data - Biometric data (where used for identification purposes) Data concerning health, sex life or sexual orientation
Personal data we collect about you
We do not collect personal information about you unless you provide it to ourselves directly, by engaging through an online enquiries form or with a member of our team.
The below sets out the personal data we will or may collect in the course of providing services. This may include special category personal data.
Personal data we will collect
Your name, address and telephone number
Electronic contact details, eg your email address and mobile phone number
Personal data we may collect depending on why you have instructed us
Information to enable us to check and verify your identity, eg your date of birth or passport details
Information relating to the matter in which you are seeking our advice or representation
Information to enable us to undertake a credit or other financial checks on you
Your financial details so far as relevant to your instructions, eg. the source of your funds if you are instructing on a purchase transaction
Your National Insurance and tax details Your bankand/or building society details
Details of your professional online presence, eg LinkedIn profile
Details of your spouse/partner and dependants or otherfamily members, eg if you instruct us on a family matter or a will
Your employment status and details including salary and benefits, eg if you instruct us on matter in which your employment status or income is relevant.
Your nationality and immigration status and information from related documents, such as your passport or other identification, and immigration information, eg if you instruct us on an immigration matter.
Details of your pension arrangements, eg if you instruct us on a pension matter or in relation to financial arrangements following breakdown of a relationship
Your employment records including, where relevant, records relating to sickness and attendance, performance, disciplinary, conduct and grievances, eg if you instruct us on matter which your employment records are relevant.
This personal data is required to enable us to provide legal services. If you do not provide the personal data we ask for, it maydelay or prevent us from providing those services. For information on why we use this personal data, see below: ‘How and why we use personal data’ and ‘How and why we use special category personal data’.
How your personal data is collected
We collect most of this information from you, direct or via our online enquiry form. However, we may also collect information:
• from publicly accessible sources, eg Companies House or HM Land Registry;
• directly from a third party, eg:
– sanctions screening providers;
– credit reference agencies;
– client due diligence providers;
• from a third party with your consent, eg:
– your bank or building society, another financial institution or advisor;
– consultants and other professionals we may engage in relation to your matter;
– your employer and/or trade union, professional body or pension administrators;
– your doctors, medical and occupational health professionals;
• via our website—we use cookies on our website (for more information on cookies, please see our cookie policy)
• via our information technology (IT) systems, eg:
– case management, document management and time recording systems
– door entry systems and reception logs;
– automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems;
How and why we use personal data
Under data protection law, we can only use personal data if we have a proper reason for doing so, eg:
• to comply with our legal and regulatory obligations;
• for the performance of our contract with you or to take steps at your request before entering into a contract;
• for our legitimate interests or those of a third party; or
• where you have given consent.
A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by your own rights and interests.
The below explains how we use personal data and our reasons for doing so:
What we use personal data for
Our reasons
To provide legal services to our clients
For the performance of our contract with our client or to take steps at our client’s request before entering into a contract
Conducting checks to identify our clients and verify their identity
Screening for financial and other sanctions or embargoes
Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, eg under health and safetyregulation or rules issued by our professional regulator
To comply with our legal and regulatory obligations