Privacy

At Thatcher + Hallam LLP we take your privacy seriously and this privacy statement explains what personal data or information we collect from you and from people who visit our website and how we use it.  We would encourage you to read the information below.

Who are we?

Thatcher + Hallam LLP is a registered company and our registered office address is: Island House, Midsomer Norton, Radstock, BA3 2HJ.  Thatcher + Hallam LLP is a registered data controller (ICO registration number Z652866)

What personal data or information do we collect?

We may collect personal data about clients, prospective clients, job applicants, our current and former employees, suppliers, and external experts.  The personal information we collect may include your name, address, email address, IP address, and information regarding what pages you access on this website and when.

How do we collect data or information from you?

We collect personal information about you when you:

  • Instruct us to act on your behalf
  • Make an enquiry via our website or via the telephone
  • Use our website
  • Enquire about a job opportunity
  • Work for or with the firm
  • Exchange business cards with a member of the firm

How is your information used?

We collect your personal data or information to operate the firm effectively and provide you with a high-quality service.  We may use your information:

  • To deliver legal services to you on your instruction.
  • To answer enquiries that you make prior to any formal instruction.
  • To avoid any conflict of interest as we represent you
  • To process a job application
  • To fulfil our obligations as an employer
  • To provide benefits to you as an employee
  • To adhere to regulations set out by the Solicitors Regulation Authority
  • To adhere to quality standards as set out under the Lexcel Standard.
  • To maintain security of our office and IT infrastructure
  • To invoice you, and to track payments you make or payments made to you

We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the firm, our contractual requirements to deliver the agreed legal services to you, and our legal obligations, both as a limited company and responsible employer.   If you would like to know more, please read below:

  • Clients
  • Prospective Clients
  • Job Applicants, Our Current and Former Employees
  • Suppliers

Clients

As a client, we will hold the following information about you:

  • Name, date of birth, and contact information.
  • National insurance number
  • Information relating to your legal matter
  • Financial details
  • Demographic information such as postcode
  • Information and documents relating to the service we are providing, including communications with you.
  • Billing and payment information.

We store your information in our practice management system which uses secure servers based in the UK.  We also hold paper copies of your information in the client matter files, stored in our Midsomer Norton office and in a secure, offsite storage archive.

We use third-party online tools:

  • Mimecast to store and back up information electronically. For more information please visit http://www.mimecast.com.

We will retain your client matter file for the duration of our relationship with you, then for a minimum of 6 years after, and a maximum of 12 years, if required for audit purposes.  We will retain financial records for 6 years, following the end of the current financial year.

Prospective Clients

As a prospective client, we may hold the following information about you:

  • Name, date of birth, and contact information.
  • National insurance number
  • Brief information relating to your legal matter
  • Demographic information such as postcode
  • Signposting information we may have provided to you if we are unable to provide you with a service

We store your information in our practice management system which uses secure servers based in the UK.  Communications with you relating to your initial enquiry may also be stored in our email system for a period of 12 months. We will retain minimal personal information about you for a period of 3 years to enable us to conduct conflict of interest checks as required by the Solicitors Regulation Authority.

Job Applicants

When you apply for a job with us, we may hold the following information about you:

  • Name, date of birth, and contact information.
  • Information relating to your qualifications and experience
  • Demographic information such as postcode
  • References where we take them up
  • Information and documents relating to the review, interview and selection process, including communications with you.

We store your information in our practice management system which uses secure servers based in the UK, and in hard copy in a secure filing cabinet in the office.  We will retain your personal data relating to the review for a period of 6 months after the interview date.  The reason we do so is that in the event you were unsuccessful for the position for which you applied, it may be that future vacancies arise for which your retained data may suggest you are suitable.

Current and Former Employees

 When you work for us, we may hold the following information about you:

  • Name, date of birth, and contact information
  • National insurance number and Unique Tax Reference (UTR)
  • Information relating to your qualifications and experience
  • Demographic information such as postcode
  • Information and documents relating to your performance and supervision as an employee of the firm, including communications with you
  • Your photograph, including Passport and Driving Licence
  • Financial information, such as bank details, pension scheme and salary details
  • Information about your next of kin
  • Health information

We store your information in our practice management system which uses secure servers based in the UK, and in hard copy in a secure filing cabinet in the office.  We will also store communications with you on our email server, based in the UK.  We will retain your personal data for the duration of your employment and for a period of 7 years after you leave the firm.  Beyond this point, we only retain minimal information about you to confirm the period of time you were employed by the firm for reference purposes.  We share your information with HMRC, and our chosen pension/benefits providers.

Suppliers

 When you work with the firm as a supplier, we may hold the following information about you:

  • Name and business contact information.
  • Information relating to your qualifications and experience, if relevant
  • Demographic information such as postcode
  • Information relating to your business activities
  • Information and documents relating to the services or products you offer, including our communications with you.
  • Financial information

We store your information in our practice management system which uses secure servers based in the UK.  We will also store communications with you on our email server, based in the UK.  We will retain your information for the duration of our relationship with you and for 7 years after the last purchase we made with you.

Who has access to your information?

We do not sell or rent your personal data or information to any third party or share your information with third parties for their marketing purposes.

We will disclose your data or information if required by law, for example by a court order or for the prevention of fraud or other crime.

We may pass information about your matter to other parties as required to provide legal services to you.  For example, we will need to provide information to other law firms involved in the conveyancing process as part of the service we deliver to you.

We may pass your information on to third party service providers for the purposes of completing a task or providing services to you on our behalf. However, we disclose only the personal information necessary to deliver that service and have a contract in place that requires them to keep your information secure and not to use it for other purposes.  

We currently use Mimecast to provide cloud computing services to host our electronic data.

Transfers outside of the European Economic Area

Your personal information in the European Economic Area (EEA) is protected by data protection laws, but other countries do not necessarily protect your personal information in the same way.  The EEA covers all countries in the EU plus Norway, Liechtenstein and Iceland.  We do not transfer your personal data outside of the EEA.

Your rights

You have certain rights over the processing of your personal information by Thatcher + Hallam LLP.  These are:

  • The right to be informed, which is what this privacy policy is for
  • The right to access the data we hold about you
  • The right to object to direct marketing
  • The right to object to processing carried out on the basis of legitimate interests
  • The right to erasure (in some circumstances)
  • The right to data portability
  • The right to have your data rectified if it is inaccurate
  • The right to have your data restricted or blocked from processing

We do not undertake direct marketing activities, so you will not receive such information from us.

How you can update your information

The accuracy of your information is important to us.  If you change your contact details or if you want to update any of the information we hold on you, please email us at: enquiries@th-law.co.uk or by post at: Data Protection Manager, Thatcher + Hallam LLP, Island House, Midsomer Norton, Radstock, BA3 2HJ.

How you can access your personal information

You have the right to ask for a copy of the personal information Thatcher + Hallam LLP hold relating to you.  To do this please contact the firm on enquiries@th-law.co.uk or by post at: Data Protection Manager, Thatcher + Hallam LLP, Island House Midsomer Norton, Radstock, BA3 2HJ.

You also have the right to lodge a complaint about our processing of your personal data with the UK’s Information Commissioner’s Office

Keeping your data secure

When you give us personal information we take steps to ensure that it’s treated securely and strive to protect it on our internal secure server systems which encrypt your information.

 Contacting us via email

We use Mimecast to encrypt and protect email traffic in line with government standards. If your email service does not support Mimecast you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

More questions?

To contact Thatcher + Hallam LLP with a data protection query regarding the processing of your personal data, please email enquiries@th-law.co.uk.

Changes to this privacy notice

 We keep our privacy notice under regular review. This privacy notice was last updated on 1 July 2018.