GDPR Data Retention and Privacy Policy

Who are we?
Thomas Horton LLP is a Limited Liability Partnership incorporated in England and Wales and is a ‘controller’ under the General Data Protection Regulation.

What information will we collect from you?
Any information provided using our website contact form is provided directly to Thomas Horton LLP and not retained by any third party. This information is collected so that we can contact you about your enquiry.

In respect of information provided to us regarding new enquiries and requests for quotations as to costs for a matter, we retain this information for 12 months from initial contact. This information is retained to allow us to take immediate steps in the event you instruct us.

We will only collect information from you that is relevant to the matter that we are dealing with. In particular we may collect the following information from you which is defined as ‘personal data’:
• Personal details
• Family, lifestyle and social circumstances
• Financial details
• Business activities of the person whose details we are processing

We may also collect and in circumstances are required to collect information that is referred to as being in a ‘special category’. This could include:
• Physical or mental health details
• Racial or ethnic origin
• Religious beliefs or other beliefs of a similar nature
• Criminal convictions
• Sexual orientation

How will we use your information?
We will mainly use your information for the provision of legal advice and this is necessary for the performance of the contract between us. We may also use it for:
• Identifying any Conflict of Interest
• Administering any accounts
• Processing your bank/credit card details in order to obtain payment
• The prevention and detection of fraud
• Credit reference checks (where appropriate)

For the avoidance of doubt, we do not retain any information for the purpose of Market research or Marketing.

Who will we share your information with?
There are no circumstances in which we use the information we hold for marketing purposes and we do not share your information with any marketing agencies.

We are governed by the Solicitors Regulation Authority and abide by their Code of Conduct and any guidance issued by the Law Society.

There are very strict rules about who we can share your information with and this will normally be limited to other people who will assist with your matter. This may include:
• Barristers
• Medical Experts
• Private Investigators
• Healthcare professionals, social and welfare organisations
• Courts and tribunals
You are entitled to see the personal information we hold about you and where you authorise us we may also disclose your information to your family, associates or representatives. Any requests for such disclosure should be made to the Data Protection Officer, Richard Hull.
We may also disclose your information to debt collection agencies if you do not pay our bills.

Data retention – How long will we keep your information for?
Under our terms of business we will keep your file and any information within it throughout the period of time that we do work for you and afterwards for a period of six years as we are required to do by law and to protect you in the event that you need access to the information.

Files where we act for children are more complicated and should be retained for a period of 6 years after the youngest child attains 18 years in the event that they ever want to access their file. As the archiving system is now more streamlined, we identify that date as the review date for the file to be destroyed.

Staff files and information are retained for 6 years from the cessation of employment. Information regarding prospective employees is held for 12 months from the date of receipt with their express agreement that they are happy for us to do so. If such agreement is not received information is destroyed.

Experts, Counsel and Service Providers. We annually review the information we hold and we only retain such information as is necessary.

You can submit a request that your data be deleted to our Data Protection Officer, Richard Hull by email to rah@thomashorton.co.uk.

In relation to your name, address, personal details (such as Date of Birth etc.,) and the nature of the matters in respect of which we have acted for you, we will not remove this data unless requested to do so by yourself. The purpose of this retention is to allow us to effectively support you in the event of further instruction by being able to access those matters for which we have acted for you before and also to enable us to identify circumstances where we should not act for you or someone else because of prior involvement with someone involved in any given transaction (commonly known a Conflict of Interest).

What rights do you have?

You have a series of rights under the General Data Protection Regulation including the right to access a copy of the information we hold about you. Further information on this issue can be obtained from our Data Protection Officer, Richard Hull at our Head Office or by email at rah@thomashorton.co.uk.

Who can you complain to if you are unhappy about what we have done with your information?
If you are unhappy about how we are using your information then initially you should contact the Data Protection Officer, Richard Hull and if your complaint remains unresolved then you can contact the Information Commissioner’s Office, details available at www.ico.org.uk.

All staff receive annual training on the application of the General Data Protection Regulations and the person responsible for this Policy is Mr Richard Hull, Managing Partner.

Dated 22nd May 2019