Lyons Davidson prides itself on being a responsible business and this includes our commitment to looking after the personal data you share with us. We respect your privacy and we want you to be confident that any personal data we hold is secure and processed in a lawful and professional way.
This Policy applies to anyone whose data we hold (including clients, witnesses, visitors to our website, etc.) but does not apply to:
We may change this Policy from time to time, so please check back regularly to keep informed of any updates. This version of the Policy was updated on 22nd December 2020.
In this Policy we use the terms “we”, “us”, and “our” (and other similar terms) to refer to Lyons Davidson; we act as a data controller responsible for your personal data.
Lyons Davidson and Lyons Davidson Solicitors are the trading names of Lyons Davidson Limited, a company registered in England & Wales (company no. 7592441). Our registered office is at 43 Queen Square, Bristol, BS1 4QP.
Lyons Davidson Scotland is a trading name of Lyons Davidson Scotland LLP, an associated practice of Lyons Davidson. Lyons Davidson Scotland LLP is a limited liability partnership registered in Scotland (registration no. SO302969). The registered office is at Enterprise House, 34 Earl Grey Street, Edinburgh EH3 9BN.
Information we collect about you
Personal data means any information about you from which you can be identified. Personal data collected by Lyons Davidson will be limited only to what is necessary dependent upon the nature of the services we are providing but can include:
In certain circumstances, we may collect certain “special category data”, which is data relating to ethnicity, race, religious beliefs, trade union membership, previous convictions and data concerning health (including disabilities).
We will collect personal data about you by various means, including:
If you provide us with personal information about another person, for example a member of your family or details of an employee, you must ensure that:
If you are a business you must ensure that the disclosure is made in accordance with all applicable data protection or privacy law.
How will we use your information?
In general we use your personal data for the following purposes:
We do not use your personal data for automated decision making.
Legal grounds for processing your information
We rely on the following legal reasons for processing your personal data:
Contractual necessity: We will process your personal data when it is necessary to perform a contract you have entered into, or in order to take steps at your request prior to entry into a contract (this includes if you contact a legal advice helpline administered by Lyons Davidson).
Legal obligation: We will process your personal data when it is necessary to comply with a legal or regulatory obligation (e.g. identity checks, external auditing, statutory returns).
Legitimate interests: We will process your personal data when we, or a third party, have a legitimate interest in processing it (e.g. responding to complaints, ensuring our business policies are adhered to, or improving our business by monitoring and recording information relating to our services). We only process for this reason if the legitimate interest is not overridden by your own interests or fundamental rights or freedoms. Please contact us if you would like more information on our, or a third party’s, legitimate interests and the balancing test we use to ensure processing is lawful.
Normally we will only process ‘special category data’ (e.g. data concerning health) when it is necessary in the context of the establishment, exercise or defence of a legal claim. In certain circumstances where we need to process ‘special category data’ in the context of our legal services but outside the scope of such a legal claim (e.g. in order for the quality of our service to be audited) we will obtain your express consent to do so. You may withdraw your consent at any time.
We will only use your personal data for the purpose, or purposes, for which we have obtained it. If we reasonably consider that we need to use it for another reason we will only do so if that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will inform you and explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent where this is required by law.
Please contact us if you would like further information on the lawful basis for any specific data processing activity.
Sharing your information
We will share your personal data when:
Who exactly we share your data with will depend on the nature of the service we are providing but can include:
Where our professional duties of confidence as legal advisers require that we seek your consent before sharing your personal data with a third party, we will do so. Such consent has a different legal basis to consent for the purposes of UK privacy law and seeking consent further to our professional duties will not therefore affect the basis of processing in privacy law. The processing under UK privacy law will be on the bases as set out above.
Lyons Davidson will not typically transfer personal data outside of the United Kingdom. Where transfers of personal data outside of the United Kingdom are necessary (this applies to countries both inside and outside of the European Economic Area (“EEA”) including third countries) Lyons Davidson will ensure that such transfers are safeguarded by putting in place appropriate transfer mechanisms as detailed in Articles 44-50 of the UK GDPR.
Storage and retention of your personal data
Your information may be held at our offices or with our external service providers as outlined above. We are committed to the security of your data as shown by our ISO 27001 information security certification. All appropriate technological and organisational measures have been put in place to prevent accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to your personal data. These measures are updated as necessary and audited externally on an annual basis.
How long we retain your personal data for will vary from matter to matter but will be determined in accordance with the following criteria:
In our experience limitation periods do not always determine the end of the useful life of data for our clients. Due to the nature of the work we do, clients usually expect us to maintain a copy of their file for archiving purposes beyond the end of any applicable limitation period. Unless contrary to a legal or contractual requirement, we retain personal data for up to 15 years.
Please contact us if you would like further information on the retention period for your personal data.
We do not typically market our services to children but where a matter involves children they must be represented by their parents, guardians, or other representative. We will explain to the parent or guardian why we need the child’s personal data, how it will be processed and their rights under privacy law.
You have the right to obtain confirmation from us as to whether we are processing your personal data and, if we are, to request a copy of the personal data we hold about you. This is known as a ‘data subject request’. You also have the right to ask that we update any information we hold about you that may be incorrect. It is important that the information we hold about you is accurate and up to date. If any of your personal information changes please let us know.
In certain circumstances you have the right to request that we restrict the way in which we process your data, or that we erase all personal information that we hold about you.
You have the right to object to certain types of processing.
We will try our best to comply with any request to restrict, object or erase your personal data; however, processing of some data may still be required for legitimate business purposes or to comply with legal obligations. Please note that if you want us to restrict or stop processing your data this may prevent us from acting for you.
You have the right to request that we send a copy of your personal data, that you have provided to us, to another organisation for your own purposes (e.g. if you wish to change service provider). This data must be provided in a structured and usable format. This right only applies to personal data processed by automated means and where the basis for processing is by consent or pursuant to our contract with you. If you wish us to transfer your personal data please let us know.
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee should your request be clearly unfounded, repetitive or excessive. In order to prevent unauthorised access to information we may ask for proof of identity. We will do our best to respond to your request within one month; however, if that is not possible we will notify you of the reason why and keep you updated.
If you wish to contact us in relation to any of your data subject rights please contact our Data Protection Officer by post at Lyons Davidson, 43 Queen Square, Bristol, BS1 4QP, by email at [email protected] or by telephone on 0344 251 0070.
If you wish to raise a concern about how we have handled your personal data please contact us and we will be happy to discuss your concerns.
You have the right to raise a concern at any time to the Information Commissioner’s Office (“ICO”) who is the UK supervisory authority for data protection issues. For more information on submitting a concern, or the data protection regime in general, please visit the ICO’s website.