Privacy Policy

Last updated: February 2024

 

We will update this Notice from time to time and you should review it along with the Terms of Business contained in our Letter of Engagement with you, whenever you visit our website or before you provide any Personal Data about yourself. The date of the last update will be mentioned above.

 

Background 

The Daswani Law Company (‘The DLC’, ‘we’, ‘us’) value and respect the privacy of those who visit our website or provide information and Personal Data to us for the purposes of availing our legal and consultancy services and/or for carrying out any other business with us.

This Privacy Notice (‘the Notice’) provides information on how we collect information from our clients and other persons or organisations that visit our website, or who we deal with for the purposes of providing our services or administering our business. It should be read in conjunction with the Terms of Business contained in our Letter of Engagement, our website and with the information contained in the Register of Fee Payers published electronically by the Office of the Information Commissioner (‘ICO’).

 

Contents of the Notice

This Notice (together with the Terms of our Website (‘Website Terms’) and any other documents referred to in it) explains how we make use of Personal Data we collect from or about you or which you provide to us.

To use our website, you must consent to the practices described in this Notice which relate to the use of the website, as well as the Website Terms. This will include the processing of your data as set out in this Notice where you get in touch with us via our website or send us a query via email or through references. If you or your organisation is one of our clients, further information will be found in our Letter of Engagement.

 

Who we are? 

For the purposes of the Data Protection Act 2018 (‘the DPA’), and the General Data Protection Regulation (Regulation (EU) 2016/679) (‘the GDPR’) and the UK GDPR, the data controller in respect of any Personal Data submitted by you will be The Daswani Law Company Limited (The DLC) which is a private limited company incorporated under the laws of England and Wales and registered at the Companies House under number 11789453. Our registered office address is 45 Circus Road, NW8 9JH.

Further information about our expertise and services is available on our website https://www.thedlc.co.uk.

 

Who is the person responsible for the management of your Personal Data? 

We are registered with the Information Commissioner’s Office (ICO) under reference number ZA510305.

Although, as per the ICO’s assessment we are not required to have a data protection officer, as the founder of The Daswani Law Company, Geeta Daswani takes responsibility for the processing and management of your Personal Data. For any queries relating to the management of your Personal Data, please do not hesitate to send us an email at geeta@thedlc.co.uk.

 

What Personal Data do we need/receive?

Any references to ‘Personal Data’ in this Notice means information about living individuals, which, alone or in conjunction with other information held by us is capable of identifying them.

More specifically Personal Data has been defined in Article 4(1) of the GDPR and the UK GDPR as: ‘any information relating to an identified or identifiable natural person (‘Data Subject’)’. ‘An identifiable natural person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.’

The DPA, the UK GDPR, the GDPR and any other national implementing legislation relating to data protection in the UK regulate our use of your Personal Data (collectively ‘Applicable Data Protection Law’).

In order to provide our services or while dealing with other legal professionals or with third parties for the administration of our business, we may need the following data from the person we are dealing with (We have tried to cover categories of data that we generally require while providing services to our clients or for operating our business. However, this is not an exhaustive list).

  • Name(s) of the party/parties we are dealing with.
  • Their physical and electronic addresses.
  • Their phone numbers.
  • If the client is a company, the company registration number and registered office address.
  • For the purposes of making payments or any other transactions bank details.
  • For the purposes of carrying out identity and anti-money laundering checks, photo documents proving identity and proof of address.
  • For employment purposes, National Insurance number, photo identification documents and bank account details.
  • Details of an individual’s visits to our website and the resources that they access, including, but not limited to, traffic data, location data, weblogs, and other communication data.
  • Any other information that an individual provides by filling in forms on our website, such as when they register for information.
  • An individual’s social media account details when they follow us on or communicate with us via social media.
  • Any other information provided to us when an individual communicates with us for any reason.

 

Sources of Personal Data 

We may obtain Personal Data from you when you contact us or visit our offices or get in touch with us via our website or when you or your organisation correspond with us through any means of communication. This includes Personal Data you provide to us when you:

  • contact us with a question or query
  • ask us to collaborate with you on any assignment
  • contact us or authorise anyone to contact us about employment with The DLC
  • contact us to provide us your services or goods
  • correspond with us to address any queries/complaints that we may have raised
  • register for a seminar or event where information is shared between fellow members
  • register to receive legal updates and newsletters from us
  • attend events and provide our staff with business cards or contact details
  • deal with us when we are providing services to our clients (which may be you, your organisation or a third party)
  • make a complaint
  • submit identity documents directly to us or to third party agencies commissioned by us to collect your Personal Data for the purposes of carrying out identity checks and
  • connect with us on social media.

 

We may also collect and retain Personal Data:

  • obtained from public sources about you or your organisation, which includes all information available on your website, the Companies House, or other online sources accessible through Search Engine Optimisation searches
  • obtained from third parties, who may include our clients, legal and accountancy professionals and their firms, insolvency practitioners, courts, professional regulators, public bodies, and other entities, including credit reference agencies and providers of analysis, screening and database services who have a right to disclose this information to us and
  • relating to whether our contacts read electronic correspondence from us or click on links we send them.

 

What are the purposes of processing your Personal Data?

We may use your Personal Data for a number of purposes as set out below. If you or your organisation are a client of The DLC, further information relating to the use, processing, retention, and management of your Personal Data is provided in the Letter of Engagement.

  • To provide you or your organisation or our clients with information or services (we will keep this until you tell us to remove your Personal Data from our records for these purposes, or until we have reason to believe that you may no longer have any need for this information and our services) and to improve and to tailor how we provide those services and that information.
  • To perform a contract with the person about whom we hold Personal Data (we will keep your Personal Data for so long as is necessary for the contract and then as required for legal and compliance purposes, the period of retention not being less than 6 [six] years from the date of termination of the matter if you are a client or from the date you last dealt with us if you are any party other than a client).
  • To deal with enquiries or requests or to contact people on behalf of our clients (we’ll keep your Personal Data for so long as is necessary to deal with the enquiry or request and then as required for legal and compliance purposes, the period of retention not being less than 6 [six] years from the date of termination of the matter).
  • To protect or pursue The DLC’s legitimate interests or those of our clients, the courts or anyone else we provide Personal Data to, after taking into account the legitimate interests of the person the Personal Data is about.
  • To conduct data analysis, matching and screening techniques and services.
  • To comply with the law – for example, when performing background, know-your-client or money laundering checks (we’ll keep your Personal Data for so long as is necessary to document our compliance with the law and our regulator’s requirements, the period of retention not being less than 6 [six] years from the date of termination of the matter if you are a client or from the date you last dealt with us if you are any party other than a client).
  • To protect the personal and organisational security and the financial resources of our firm and our clients (we’ll keep your Personal Data for so long as we reasonably think necessary to protect those interests).
  • To assess the creditworthiness of a person or organisation we’re considering doing business with (we’ll keep their Personal Data until we make a decision about doing business with them and then as required for legal and compliance purposes, the period of retention not being less than 6 [six] years from the date of termination of the matter).
  • To assess the financial resources of an individual or organisation in relation to legal rights, claims and defences as part of our work as legal professionals (we’ll keep your Personal Data for so long as is necessary to make those assessments, to conduct legal proceedings and then to document to our clients, courts, and regulators that we’ve complied with our legal and regulatory obligations to them).
  • To promote the services, we provide and obtain new business (we’ll keep your Personal Data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our services).
  • To pay our debts (we’ll keep your Personal Data until we’ve paid our debts and then as necessary for our tax affairs and to prove we’ve made the payment – this may be up to 6 [six] years from the date on which the Personal Data was submitted to us).
  • To offer our business contacts the opportunity to attend events and seminars and to receive information about the firm, legal updates and topics we think might interest them (where you have opted in to receive this information from us or if the law permits us to provide it without an explicit opt-in, we’ll keep your Personal Data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our events, seminars and information).
  • To promote the administration of justice, comply with the Code and comply with our solicitors’ duties as officers of the court (we’ll keep your data for so long as is necessary to achieve this – in some cases this may be up to 12 [twelve] years from the date on which the Personal Data was submitted to us) and
  • In any other way, which we consider necessary and appropriate, in order to conduct our business as a law firm, including fulfilling our professional, regulatory, and legal obligations to our clients, the courts or other persons (we’ll keep your Personal Data for as long as we need to in order to achieve this, but for no longer than is necessary).
  • Social Media- We may gather certain Personal Data in relation to you as a result of being connected with you on social media platforms such as LinkedIn, Instagram, Facebook, Twitter, and other similar platforms. You may at any given point in time discontinue your connection with us on social media platforms.

Where we have obtained Personal Data for any of the purposes set out in this Notice, we may use it in connection with internal data analysis and also for any of the other purposes set out in this Notice. This does not affect your legal right to object to the use of your Personal Data for direct marketing purposes.

 

Personal Data we may obtain from our website about our web visitors

We may automatically collect the following information, which may or may not be Personal Data, on anyone visiting the website:

  • IP addresses (static or dynamic) and other technical information relating to the virtual or physical location of a visitor and their means of access, including browser information, time zone settings and hardware information
  • how visitors use our website, including dates and times and any details of how and for what duration particular resources are viewed or used and
  • clickstream data, including where users navigate to and from our website and any searches you have made on or relating to our website.

We will use this Personal Data to:

  • run our website and ensure it works properly
  • improve how we present the information on it and make browsing easier and more productive and
  • maintain the website’s security and that of our visitors.

 

Cookies

Cookies are small text files that are downloaded to your device by websites you visit. Currently our website doesn’t use any analytical tools. However, we may use a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. The information that the cookies collect, such as the number of visitors to the website, the pages visited and the length of time spent on the website, may be aggregated and will therefore be anonymous.

We don’t use cookies in a way that allows us to identify website users.

You may refuse the use of cookies or withdraw your consent at any time by selecting the appropriate settings on your browser. This may prevent you from accessing all of our website.

 

Lawful basis for processing your Personal Data

The following is the lawful basis for us processing your Personal Data:

  • Consent (Article 6.1 (a) of the GDPR 2016/679 and the UK GDPR)- In order to avail of our services, you consent to us obtaining and processing your Personal Data. If you or your organisation are our client, the Letter of Engagement along with this Notice sets out the purposes for which your Personal Data may be obtained and processed by us. By signing the Letter of Engagement and by continuing to deal with us you confirm that you have consented to us processing your Personal Data.
  • Contractual necessity (Article 6.1 (b) of the GDPR 2016/679 and the UK GDPR)- One of the grounds for obtaining and processing your Personal Data is so that we can perform our services in line with the scope of the Letter of Engagement to which you, as our client are a party.
  • Compliance with legal obligations (Article 6.1 (c) of the GDPR 2016/679)- We are regulated by the SRA (Solicitors Regulation Authority). As a regulated legal practice, we have to comply with certain legislative and regulatory requirements relating to client due diligence. Consequently, we may process your Personal Data to carry out identity checks and to maintain records of customer due diligence. We employ third party service providers for the purposes of carrying out client identity checks. However, we remain the data controllers.
  • Legitimate interests (Article 6.1 (f) of the GDPR 2016/679)- In circumstances where you or your organisation are a client of The DLC or an employee we will process your Personal Data to promote and pursue the legitimate interests of our organisation, or you as our clients/employees.

 

Who will receive your Personal Data?

Your Personal Data may be received by:

  • The DLC and its staff who need to receive your Personal Data in order to provide services to you or to carry out the administration of business.
  • Our chartered accountants when they are processing our invoices, financial statements, payrolls and filing our tax returns at Her Majesty’s Revenue and Customs (the HMRC).
  • Any authorities or government bodies such as the HMRC to whom the Personal Data may need to be submitted.
  • Any regulatory authorities such as the Solicitors Regulation Authority (SRA) by who we are regulated.
  • Any external auditors to whom we may have to provide Personal Data of our clients and employees for the purposes of carrying out the audit.
  • Legal professionals representing or working for parties with whom you enter into a contract or a dealing of any kind.
  • Third party agencies that specialise in undertaking client identity checks, money-laundering checks, and credit checks.
  • Third party agencies who provide platforms for clients to leave reviews, such as Review Solicitors.
  • Freelancers engaged by The DLC, such as assistants and social media managers.
  • Any other party you may instruct us to share your Personal Data with.
  • Any other solicitor or firm who may take over the business of The DLC, either by purchasing it or by way of a merger or in the event of any catastrophic circumstances by reason of which new management has to continue The DLC’s business.

 

Transfer of Personal Data to international organisations or countries outside the EEA and the UK 

While providing services to our clients we may have to liaise with and provide information including Personal Data to third parties located in territories outside of the UK and the EEA.

Where we transfer Personal Data to third parties outside of the UK and the EEA, we will ensure that the recipients are aware of the provisions of the UK GDPR as well as the GDPR and that they provide an adequate level of protection for the rights of persons whose Personal Data has been shared with them. If we are required to transfer Personal Data outside the UK and/or the EU, necessary risk assessments will be undertaken, and data transfer agreements will be entered into.

In addition, all our inbound and outbound email communications are TSL (Transport Security Layer) encrypted.

 

Our Data Map

The following flow-chart explains our data map:

 

 

Retention of Personal Data and Privacy by Design

For Personal Data relating to our clients The DLC uses Clio, a cloud-based case management software. We chose Clio as our case management software because the Law Society of England and Wales endorse it. Clio stores all data on high-security servers with 256-bit SSL encryption and storage redundancies to prevent loss due to catastrophic events. Advanced permissions and password features ensure only authorised staff get access.

Your Personal Data will be retained by us for the duration as will be deemed necessary by us for the purposes of providing further services, marketing or growing our business, such duration not being less than 6 [six] years from the date of termination of the matter if you are a client, or the date on which you last dealt with us in case you are a party other than our client.

 

Hosting and back-end infrastructure

Website host: We use third-party hosting services for the purposes of hosting data and files that enable our website to run and be distributed as well as to enable us to run specific features and functions within our website. Whilst we use a UK-based host (Site Ground), it is possible that some of these functions work through geographically distributed servers, thereby making it difficult to identify the exact location where the Personal Data is stored.

 

(1) The DLC website is hosted by Site Ground.

The details relating to Site Ground are as below:

Personal Data collected: Various types of data as specified in this Notice.

Site Ground’s Privacy Policy: https://www.siteground.co.uk/privacy.htm

 

(2) Case Management System: We also use a cloud-based case and legal practice management called Clio. Through Clio, all data is stored on the cloud. Access to Clio is protected via advanced permissions and password features. Clio’s security is GDPR and SRA compliant.

The details relating to Clio are as below:

Personal Data stored: Various types of data specified in this Notice.

Clio’s Privacy Policy: https://www.clio.com/uk/gdpr/

 

(3) Reviews: In order to collect verified client reviews, we use Review Solicitors.

The details relating to Review Solicitors are as below:

Personal Data stored: As informed by Review Solicitors, they do not store any Personal Data relating to our end clients.

Review Solicitors’ Privacy Policy: https://www.reviewsolicitors.co.uk/privacy-policy

 

Social Media

Please remember that when you share information publicly on a website or on social media platforms, for example a comment on a blog post or within social media groups, it may be indexable by search engines, including Google, which may mean that the information is made public.

When you participate in conversations on social media your Personal Data may be visible to members of the concerned social media group and to the public in general. Please note that you participate in social media related activities at your sole discretion, and we shall not be liable for the access and use of your Personal Data by third parties via social media, including circumstances where third parties contact you or initiate a conversation with you, on social media or otherwise, as a result of your Personal Data being made available to them via our social media groups or any activity you participate in through our social media platforms or by connecting with us on social media.

Also please note you may be tracked by Facebook (Meta), Google, LinkedIn, or Instagram (Meta) cookies if you access our profile via these social media platforms. The links to their respective privacy policies have been provided below:

  1. Facebook- privacy policy
  2. Instagram- privacy policy
  3. Google- privacy policy
  4. LinkedIn- privacy policy

 

Children’s Privacy

We do not knowingly collect or process Personal Data from anyone under the age of 13 (thirteen) years old (‘Child’/ ‘Children’). Our Services and Website Content are not directed at minors, i.e., persons below the age of 18 (eighteen) years, especially children below the age of 13 (thirteen) years.

If you are a parent or guardian and you are aware that your Child has provided us with Personal Data without your consent, please contact us. Unless contacted by a parent or legal guardian, we have no way of knowing that Personal Data was submitted by a Child without parental consent. As a parent/legal guardian you understand that the onus of controlling your Child’s Personal Data lies on you. If we become aware, after notification by a parent/legal guardian or the Child themselves, that we have collected Personal Data from a Child without verification of parental consent, we take steps to remove that Personal Data from our servers.

 

What are your rights with respect to your Personal Data?

Under the DPA, you have the following rights in relation to your own Personal Data:

  • to prevent us from using your Personal Data for direct marketing
  • to have (in certain circumstances) inaccurate Personal Data corrected, blocked, or destroyed
  • to access a copy of the information comprised in your Personal Data that is undergoing processing (‘subject access rights’)
  • to object to automated decisions (The DLC does not, however, use automated decision making)
  • the right to withdraw consent from us continuing to process your Personal Data and
  • the right to object to processing that is likely to cause or is causing damage or distress.

 

If you want to (1) tell us to stop using your Personal Data for direct marketing or withdraw consent from us processing your Personal Data for any of the purposes mentioned in this Notice; (2) exercise your subject access rights; (3) tell us about inaccurate Personal Data you think we hold on you; or (4) object to a use you believe we’re making of your Personal Data which is causing, or is likely to cause, damage or distress, please contact our Data Protection Manager geeta@thedlc.co.uk or write to us at this address:

The Data Protection Manager

The Daswani Law Company Limited

45 Circus Road, NW8 9JH

 

Unless the law permits us to do so, we will not charge you to exercise your subject access rights, but we may charge a reasonable fee reflecting our administrative costs should you request further copies of the Personal Data. When you contact us to exercise any of the above rights, we will first ensure that the person requesting the Personal Data is the person whose Personal Data is being sought (or that it is being requested on that person’s behalf). This may involve providing us with proof of your identity or your authority to act for the data subject. We can also ask you for any information we need to help us find the Personal Data you’re enquiring about.

 

We will also provide you with the following information relating to your Personal Data:

  • the purpose for which we’re processing it
  • what categories of Personal Data about you we process
  • the recipients of your Personal Data, if any, including specifically international or foreign organisations
  • our expected retention period or how we’ll calculate this if we don’t know yet
  • your rights in relation to the Personal Data and
  • the source of the Personal Data if we didn’t get it from you.

 

Right to lodge a complaint

If you are unhappy with the way we are processing your Personal Data you can lodge a complaint by writing to our Data Protection Manager at geeta@thedlc.co.uk or by sending your complaint to:

The Data Protection Manager

The Daswani Law Company

45 Circus Road

London NW8 9JH

 

You are also entitled to make a complaint at the Information Commissioner’s Office (ICO).

The ICO’s address is:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk