Last updated: February 2021
We will update this notice from time to time. You should review this along with the Terms of Business contained in our Letter of Engagement with you whenever you visit our website, or before you provide any Personal Data about yourself. The date of the last update will be mentioned above.
The Daswani Law Company (“The DLC”, “we”, “us”) value and respect the privacy of those who visit our website or provide information and personal data to us for the purposes of availing our legal and consultancy services and/or for carrying out any other business with us.
This Privacy Notice (“the Notice”) provides information on how we collect information from our clients and other persons or organisations that visit our website or who we deal with for the purposes of providing our services or administering our business. It should be read in conjunction with the Terms of Business contained in our Letter of Engagement, our website and with the information contained in the Register of Fee Payers published electronically by the Office of the Information Commissioner (“ICO”).
Contents of the Notice
This Notice (together with the Terms of our Website (“Website Terms”) and any other documents referred to in it) explains how we make use of personal data we collect from or about you or which you provide to us.
To use our website, you must consent to the practices described in this Notice which relate to the use of the website, as well as the Website Terms. This will include the processing of your data as set out in this Notice where you get in touch with us via our website or send us a query via email or through references. If you or your organisation is one of our clients, further information will be found in our engagement letter.
Who we are?
For the purposes of the Data Protection Act 2018 (the DPA), the General Data Protection Regulation (Regulation (EU) 2016/679) (“the GDPR”) and the UK GDPR, the data controller in respect of any personal data submitted by you will be The Daswani Law Company Limited (the DLC). The DLC is a private limited company incorporated under the laws of England and Wales and registered at the Companies House under number 11789453. Our registered office address is 45 Circus Road, NW8 9JH.
Further information about our expertise and services is available on our website https://www.thedlc.co.uk.
Who is the person responsible for the management of your data?
We are registered with the Information Commissioner’s Office (ICO) under reference number ZA510305.
Although, as per the ICO’s assessment we are not required to have a data protection officer, as the founder of The Daswani Law Company, Geeta Daswani takes responsibility for the processing and management of your Personal Data. For any queries relating to the management of your personal data send us an email at Geeta@thedlc.co.uk.
What personal data do we need/receive?
Any references to “Personal Data” in this Notice means information about living individuals, which, alone or in conjunction with other information held by us is capable of identifying them. The DPA, the UK GDPR and the GDPR regulate our use of your Personal Data.
In order to provide our services or while dealing with other legal professionals or with third parties for the administration of our business, we may need the following data from the person we are dealing with (We have tried to cover categories of data that we generally require while providing services to our clients or for operating our business. However, this is not an exhaustive list):
- name(s) of the party/parties we are dealing with;
- their physical and electronic addresses;
- their phone numbers;
- if the client is a company, the company registration number and registered office address;
- for the purposes of making payments or any other transactions bank details; and
- for the purposes of carrying out identity and anti-money laundering checks photo documents proving identity and proof of address.
Sources of personal data
We may obtain Personal Data from you when you contact us, visit our offices, get in touch via our website or when you/your organisation correspond with us through any means of communication. This includes Personal Data you provide to us when you:
- contact us with a question or query;
- ask us to collaborate with you on any assignment;
- contact us or authorise anyone to contact us about employment with the DLC;
- contact us to provide us your services or goods;
- correspond with us to address any queries/complaints that we may have raised;
- register for a seminar, event where information is shared between fellow members;
- register to receive legal updates and newsletters from us;
- attend events and provide our staff with business cards or contact details;
- deal with us when we are providing services to our client (which may be you, your organisation or a third party);
- make a complaint;
- Submit identity documents directly to us or to third party agencies commissioned by us to collect your data for the purposes of carrying out identity checks; and
- connect with us on social media.
We may also collect and retain Personal Data:
- obtained from public sources about you or your organisation, which includes all information available on your website, the Companies House or other online sources accessible through Search Engine Optimisation searches;
- obtained from third parties, who may include our clients, legal and accountancy professionals and their firms, insolvency practitioners, courts, professional regulators, public bodies, and other entities, including credit reference agencies and providers of analysis, screening and database services who have a right to disclose this information to us; and
- relating to whether our contacts read electronic correspondence from us or click on links we send them.
What are the purposes of processing your Personal Data?
We may use your Personal Data for a number of purposes as set out below. If you or your organisation are a client of The DLC, further information relating to the use, processing, retention and management of your Personal Data is provided in the Letter of Engagement.
- To provide you or your organisation or our clients with information or services (we will keep this until you tell us to remove your personal data from our records for these purposes, or until we have reason to believe that you may no longer have any need for this information and our services) and to improve and tailor how we provide those services and that information.
- To perform a contract with the person about whom we hold data (we will keep your data for so long as is necessary for the contract and then as required for legal and compliance purposes, the period of retention not being less than 6 [six] years from the date of termination of the matter if you are a client or from the date you last dealt with us if you are any party other than a client).
- To deal with enquiries or requests or to contact people on behalf of our clients (we’ll keep your data for so long as is necessary to deal with the enquiry or request and then as required for legal and compliance purposes, the period of retention not being less than 6 [six] years from the date of termination of the matter).
- To protect or pursue The DLC’s legitimate interests or those of our clients, the courts or anyone else we provide personal data to, after taking into account the legitimate interests of the person the data is about.
- To conduct data analysis, matching and screening techniques and services.
- To comply with the law – for example, when performing background, know-your-client or money laundering checks (we’ll keep your data for so long as is necessary to document our compliance with the law and our regulator’s requirements, the period of retention not being less than 6 [six] years from the date of termination of the matter if you are a client or from the date you last dealt with us if you are any party other than a client).
- To protect the personal and organisational security and the financial resources of our firm and our clients (we’ll keep your data for so long as we reasonably think necessary to protect those interests).
- To assess the creditworthiness of a person or organisation we’re considering doing business with (we’ll keep their data until we make a decision about doing business with them and then as required for legal and compliance purposes, the period of retention not being less than 6 [six] years from the date of termination of the matter).
- To assess the financial resources of an individual or organisation in relation to legal rights, claims and defences as part of our work as legal professionals (we’ll keep your data for so long as is necessary to make those assessments, to conduct legal proceedings and then to document to our clients, courts and regulators that we’ve complied with our legal and regulatory obligations to them).
- To promote the services, we provide and obtain new business (we’ll keep your data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our services).
- To pay our debts (we’ll keep your data until we’ve paid our debts and then as necessary for our tax affairs and to prove we’ve made the payment – this may be up to 6 [six] years from the date on which data was submitted to us).
- To offer our business contacts the opportunity to attend events and seminars and to receive information about the firm, legal updates and topics we think might interest them (where you have opted in to receive this information from us or if the law permits us to provide it without an explicit opt-in, we’ll keep your data unless you ask us to remove it from our records or we decide you’re not likely to be interested in our events, seminars and information)
- To promote the administration of justice, comply with the Code and comply with our solicitors’ duties as officers of the court (we’ll keep your data for so long as is necessary to achieve this – in some cases this may be up to 12 [twelve] years from the date on which data was submitted to us).
- In any other way, which we consider necessary and appropriate, in order to conduct our business as a law firm, including fulfilling our professional, regulatory and legal obligations to our clients, the courts or other persons (we’ll keep your data for as long as we need to in order to achieve this, but for no longer than is necessary).
- Social Media- We may gather certain personal data in relation to you as a result of being connected with you on social media platforms such as LinkedIn, Instagram, Facebook, Twitter and other similar platforms. You may at any given point in time discontinue your connection with us on social media platforms.
Where we have obtained Personal Data for any of the purposes set out in this Notice, we may use it in connection with internal data analysis and also for any of the other purposes set out in this Notice. This does not affect your legal right to object to the use of your data for direct marketing purposes.
Personal data we may obtain from our website about our web visitors
We may automatically collect the following information, which may or may not be Personal Data, on anyone visiting the website:
- IP addresses (static or dynamic) and other technical information relating to the virtual or physical location of a visitor and their means of access, including browser information, time zone settings and hardware information;
- how visitors use the website, including dates and times and any details of how and for what duration particular resources are viewed or used; and
- clickstream data, including where users navigate to our site to and from and any searches you have made on or relating to our site.
We will use this data to:
- run our website and ensure it works properly;
- improve how we present the information on it and make browsing easier and more productive; and
- maintain the site’s security and that of our visitors.
Cookies are small text files that are downloaded to your device by websites you visit. Currently our website doesn’t use any analytical tools. However, we may use a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site may be aggregated and will therefore be anonymous.
Lawful basis for processing your personal data
The following is the lawful basis for processing your personal data:
- Consent- In order to avail of our services, you consent to us obtaining and processing your Personal Data. If you or your organisation are our client the Letter of Engagement along with this Notice sets out the purposes for which your Personal Data may be obtained and processed by us. By signing the Letter of Engagement and by continuing to deal with us you confirm that you have consented to us processing your Personal Data.
- Contractual necessity– One of the grounds for obtaining and processing your Personal Data is so that we can perform our services in line with the scope of the Letter of Engagement to which you, as our client are a party.
- Compliance with legal obligations- We are regulated by the SRA (Solicitors Regulation Authority). As a regulated legal practice, we have to comply with certain legislative and regulatory requirements relating to client due diligence. Consequently, we may process your data to carry out identity checks and maintain records of customer due diligence.
We employ third party service providers for the purposes of carrying out client identity checks. However, we remain the data controllers.
- Legitimate interests- In circumstances where you or your organisation are a client of the DLC or an employee we will process your Personal Data to promote and pursue the legitimate interests of our organisation, or you as our clients/employees
Who will receive your Personal Data?
Your personal data may be received by:
- The DLC and its staff who need to receive your Personal Data in order to provide services to you or to carry out the administration of business;
- our chartered accountants when they are processing our invoices, financial statements, payrolls and filing our tax returns at Her Majesty’s Revenue and Customs (the HMRC);
- any authorities or government bodies such as the HMRC to whom the information may need to be submitted;
- any regulatory authorities such as the Solicitors Regulation Authority (SRA) by who we are regulated;
- any external auditors to whom we may have to provide Personal Data of our clients and employees for the purposes of carrying out the audit;
- legal professionals representing or working for parties with whom you enter into a contract or a dealing of any kind;
- third party agencies that specialise in undertaking client identity checks, money-laundering checks and credit checks;
- any other party you may instruct us to share your Personal Data with; and
- any other solicitor or firm who may take over the business of the DLC either by purchasing it or by way of a merger or in the event of any catastrophic circumstances by reason of which new management has to continue The DLC’s business.
Transfer of Personal Data to international organisations or countries outside the EEA and the UK
While providing services to our clients we may have to liaise with and provide information including Personal Data to third parties located in territories outside of the UK and the EEA.
Where we transfer Personal Data to third parties outside of the UK and the EEA we will ensure that the recipients are aware of the provisions of the UK GDPR as well as the GDPR and that they provide an adequate level of protection for the rights of persons whose Personal Data has been shared with them.
In addition, all our inbound and outbound email communications are TSL (Transport Security Layer) encrypted.
Retention of personal data
For data relating to our clients The DLC uses Clio, a cloud-based case management software. We chose Clio as our case management software because the Law Society of England and Wales endorse it. Clio stores all data on high-security servers with 256-bit SSL encryption and storage redundancies to prevent loss due to catastrophic events. Advanced permissions and password features ensure only authorised staff get access.
Your Personal Data will be retained by us for the duration deemed necessary by us for the purposes of providing further services, marketing or growing our business. The duration not being less than 6 [six] years from the date of termination of the matter if you are a client or the date on which you last dealt with us, in case you are a party other than our client.
Hosting and back-end infrastructure
We use third-party hosting services for the purposes of hosting data and files that enable our website to run and be distributed as well as to enable us to run specific features and functions within our website. Some of these functions work through geographically distributed servers, thereby making it difficult to identify the exact location where the personal data is stored.
The DLC website is hosted by Go Daddy.
The details relating to Go Daddy are as below:
Personal Data collected: Various types of data as specified in this Privacy Notice
We also use a cloud-based case and legal practice management called Clio. Through Clio, all data is stored on the cloud. Access to Clio is protected via advanced permissions and password features. Clio’s security is GDPR and SRA compliant.
The details relating to Clio are as below:
Personal Data stored: Various types of data specified in this Privacy Notice
What are your rights with respect to your Personal Data?
Under the DPA, you have the following rights in relation to your own Personal Data:
- to prevent us using your data for direct marketing;
- to have (in certain circumstances) inaccurate Personal Data corrected, blocked or destroyed;
- to access a copy of the information comprised in your Personal Data that is undergoing processing (“subject access rights”);
- to object to automated decisions (the DLC does not, however, use automated decision making);
- the right to withdraw consent from us continuing to process your Personal Data; and
- a right to object to processing that is likely to cause or is causing damage or distress.
If you want to (1) tell us to stop using your data for direct marketing or withdraw consent from us processing your Personal Data for any of the purposes mentioned in this Notice; (2) exercise your subject access rights; (3) tell us about inaccurate Personal Data you think we hold on you; or (4) object to a use you believe we’re making of your data which is causing, or is likely to cause, damage or distress, please contact our Data Protection Manager Geeta@thedlc.co.uk or write to us at this address:
The Data Protection Manager
The Daswani Law Company Limited
45 Circus Road, NW8 9JH
Unless the law permits us to do so, we will not charge you to exercise your subject access rights, but we may charge a reasonable fee reflecting our administrative costs should you request further copies of the Personal Data. When you contact us to exercise any of the above rights, we will first ensure that the person requesting the data is the person whose data is being sought (or that it is being requested on that person’s behalf). This may involve providing us with proof of your identity or your authority to act for the data subject. We can also ask you for any information we need to help us find the Personal Data you’re enquiring about.
We will also provide you with the following information relating to your Personal Data:
- the purpose for which we’re processing it;
- what categories of data about you we process;
- the recipients of your data, if any, including specifically international or foreign organisations;
- our expected retention period or how we’ll calculate this, if we don’t know yet;
- your rights in relation to the data; and
- the source of the data, if we didn’t get it from you.
Right to lodge a complaint
If you are unhappy with the way we are processing your Personal Data you can lodge a complaint by writing to our Data Protection Manager at Geeta@thedlc.co.uk or by sending your complaint to:
The Data Protection Manager
The Daswani Law Company
45 Circus Road
London NW8 9JH
You are also entitled to make a complaint at the Information Commissioner’s Office (ICO).