a. Your use of our services, including when you request information from us and when you engage AJA Solicitors for the provision of legal services.
b. Third parties instructed in connection with our provision of legal services to you
c. Contractors and suppliers with whom we contract for the purposes of managing and running our business.
2. Data controller
a. The types of information we process
b. How we use the information
c. How long we retain information
d. How we share the information
e. Protection and storage of the information
f. You and your rights
g. How to contact us
3. The types of information we process
We will process personal information we receive directly from you, on your behalf, other organisations with whom you have dealings, government agencies, publicly available records and the third parties described in ‘How we share the information’ below. We may collect current and historical personal information including/relating to: your name, contact details, identification, ethnic origin, marital status, employment/business, finances, academic history and criminal offences/convictions (this is non-exhaustive which depends on the circumstances). As some personal information is sensitive, we shall seek your consent to process this information. You may withdraw consent at any time as described in ‘You and your rights’ below.
4. Debit and Credit Card Information
Receipts of funds in settlement of bills or on account of costs can be processed through Barclaycard. We may collect your data to process a credit/debit card transaction, which may be passed onto a third-party service provider to complete the financial transaction. Card details will only be held to complete the single transaction. We will not store your card details in our office, physically or electronically. If you use your credit or debit card to make a payment we will ensure this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS).
5. How we use the information
Your data will only be used for the service you have requested.
We may use your personal information if:
a. It is necessary for the performance of a contract with you or our client on your behalf (e.g. when we are providing our services to you as envisaged by our engagement letter);
b. It is necessary in connection with a legal obligation (eg when we are carrying out anti-money laundering and conflict checks);
c. You have provided your consent to such use (eg you have approved the use of a specific third party to assist on your matter);
d. We consider such use of your information as not detrimental to you, within your reasonable expectations, having a minimal impact on your privacy, and necessary to fulfil our legitimate interests (eg to attend court hearings to represent you, make appointments on your behalf, to manage fees and invoicing, or to recover money owed to us); or
e. We are otherwise required or authorised by law.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
Provide legal services
Your personal data and electronic material that you provide to us which we generate in connection with the legal service that forms the subject of our contract with you
1. You have provided consent
2. It is necessary for the fulfilment of the contract for legal services
If you apply for a job with us
Identity data and contact data, as listed in the application form.
1. Necessary for our legitimate interests (to assess your application and ensure we are properly informed when we interview you)
2. Performance of a contract with you (if you are successful in your application)
Conducting business with you
Identity data (such as name, email address and telephone number).
1. Performance of a contract with you.
2. Necessary for our legitimate interests (particularly maintaining the value of the network referred to above)
To manage our relationship with you which will include:
2. Asking you to leave a review or take a survey
4. Marketing and Communications
1. Performance of a contract with you.
2. Necessary to comply with a legal obligation.
3. Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
We also use your information to:
a. fulfil our legal requirements (including in relation to anti-money laundering) and professional obligations;
b. Where we need to perform the contract, we are about to enter into or have entered into with you.
c. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
6. How long we retain information
We recognise that it is important to only retain your personal information for as long as is required by law (which is currently 6 years) or we consider reasonably necessary, after which we will confidentially destroy it.
7. Records in Immigration Matters
a. Due to the nature of immigration services, a full record of information obtained from you, third parties and advice provided by us shall not be retained longer than 15 years unless you request that it be erased.
b. This is because we consider that it is in your best interests that we retain a full history of data which may be relevant to future matters you instruct us to deal with.
c. Such data can also be relevant to your immigration position should there be any dispute with the authorities or for us to be able to provide you with a record should you misplace important immigration documents. If you would like us to rectify or erase your data please refer to the section on ‘You and your rights’ below.
8. How we share the information
We may share your information with third parties where
a. you have provided consent;
b. we are under a legal, regulatory or professional obligation to do so (for example, in order to comply with anti-money laundering requirements);
c. it is necessary for the purpose of, or in connection with, legal proceedings, or to exercise or defend legal rights;
9. Protection and storage of the information
We hold information securely in electronic or physical form and prevent any unauthorised access, modification or improper disclosure.
Information relating to client’s matters is stored in the following ways:
a. Paper files
b. In personalised electronic files, bearing their own reference on a password protected integrated computer network
c. Secure off-site outsourced paper storage following the conclusion of the matter.
Our information security practices are supported by a number of security safeguards, processes and procedures. We store information in access-controlled premises or in password protected electronic form. We require our third-party IT providers to comply with appropriate information security industry standards. All staff and third-party providers with access to confidential information are subject to confidentiality obligations.
10. You and your rights
Subject to applicable laws, you may have certain rights regarding information that we have collected and that is related to you. We encourage you to contact us to update or correct your information if it changes or if you believe that any information that we have collected about you is inaccurate.
You can also ask us to:
a. see what personal information we hold about you,
b. to erase your personal information
You may tell us if you object to our use of your personal information.
You have a right to complain to the Information Commissioner’s Office (ICO), but we would prefer you to contact us first. We should be able to resolve any matter quickly and to your satisfaction.
The Information Commissioner’s Office (ICO) is contactable through their website at https://ico.org.uk/ or their help line on 0303 123 1113 or 01625 545745.
11. How to contact us
If you would like to contact us with questions about our privacy practices, please contact our Data Protection Manager, Avery Jackson at firstname.lastname@example.org
12. If you are a data controller or a data processor
If you are a data controller or a data processor in your own right, and you provide personal data to us, you confirm to us that you have a lawful basis for doing so under data protection law and all necessary consents, where required.
This is a living document which we may update from time to time.