top of page

PRIVACY POLICY

General Data Protection Regulation (GDPR)

The GDPR, came into effect in May 2018 regulates how organisations collect, handle and store personal data. Personal data is any information relating to an identifiable living individual. We as a firm have a responsibility to ensure all data protection procedures are implemented in line with the Privacy policy to ensure no risks and issues arise. Our firm is fully compliant with and accountable for the record keeping of all personal data of its data subjects.

 

This privacy notice contains information about the data collected, stored and otherwise processed and the reasons for the processing. It also tells you who we share this information with, the security measures in place to protect your data and how to contact us in the event you need further information.

​

Why this policy exists

This policy provides help and guidance to our clients in:

  1. How we comply with data protection law and follow good practice

  2. Protecting the rights of staff and clients

  3. Being open about how we use personal data, how we store it and when we secure it

  4. Protecting the Firm against the risks of both inadvertent and intentional data breaches

 

Scope of the Policy

The Policy applies to all employees; fixed term contract employees; temporary employees; agency staff; and consultants and contractors who are provided with access to any of the Firm’s files and/or computer systems. Collectively these individuals are hereafter referred to as 'users'. All users have responsibility for complying with the terms of this Policy.

 

Data Protection Law - What is personal data?

The GDPR regulates how organisations must collect, handle and store personal data. Personal data is any information relating to an identifiable living individual. It is information which enables that person to be identified, directly or indirectly, and may include their name, address, telephone number(s), email address(es), age, location data, or online and biometric identifiers. These rules apply to all data stored in any structured way, including both paper files and electronically.

 

The Data Protection Principles

The GDPR contains several key principles which apply to the collection and processing of personal data and which underpin everything that follows.

Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject

Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes

Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

Accuracy:  Personal data shall be accurate and, where necessary, kept up to date

Storage limitation:  Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed

Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

Accountability: The controller shall be responsible for and be able to demonstrate compliance with the GDPR.

 

Key Responsibilities

The Data Protection Officer is ultimately responsible for ensuring that the Firm meets its legal obligations and that this Policy is followed by implementing the below:

 

  1. Keeping the employees updated about data protection responsibilities, risks and issues

  2. Reviewing all data protection procedures and related policies, in line with an agreed schedule

  3. Arranging data protection training and advice for everyone to whom this Policy applies

  4. Handling data protection queries from staff and contractors

  5. dealing with requests from anyone whose data we hold for access to that data (known as ‘subject access requests’)

  6. Checking and approving any contracts or agreements with third parties that may handle our personal data

  7. Checking and approving any contracts or agreements with third parties whose personal data we may handle

  8. Ensuring that policies on processing, retention, storage and deletion of data are adhered to and relevant documentation is maintained to evidence compliance

 

Sensitive Personal Data or ‘Special Category Data’

This data has a special status under the law, as it is particularly personal in nature. It concerns a person’s race, ethnicity, politics, religion, trade union membership, genetics, biometrics used for identification purposes, health, sex life or sexual orientation. There are several strict rules about the processing of this kind of data, and the kinds of situations in which it is legitimate to process it, and usually the data controller needs the data subject’s explicit consent to do so or a clear legal basis. We will never disclose such data to any third party unless legally obliged to do so, and then only to appropriate authorities as required by law.

 

Accountability and Record Keeping

The Firm will keep written internal records of all personal data collection, holding and processing, and this will incorporate the following:

  1. Name and details of the Firm, its DPO and any third-party data processors

  2. The purposes for which the Firm collects, holds and processes personal data

  3. Details of the categories of personal data collected, held and processed by the firm and the categories of data subject to which the data relates

  4. Details of any transfers of data to non-EEA countries including the mechanism for doing so and security measures taken

  5. Details of the Firm’s retention policy (see Data Retention Policy)

  6. Detailed descriptions of all technical and organisational measures taken by the Firm to ensure the security of personal data.

 

Providing Information to Data Subjects

We are required to ensure that, when we collect and process personal data, the data subject is aware of the purposes for which this is being done, and what is happening to the data. We therefore will ensure that all data subjects will be provided with the following information:

  1. Details of the Firm, including the name of the DPO

  2. Why the data is being collected and processed, and the legal basis for this

  3. If applicable, any legitimate interests justifying the Firm’s collection and processing of data

  4. Where personal data is not collected directly from the subject, the categories of data collected and processed

  5. Where the data is to be transferred to third party/parties, their details

  6. Where data is to be transferred outside EEA, details of the transfer

  7. Details of the data subject’s rights under GDPR to withdraw consent to processing at any time and to complain to the Information Commissioner’s Office (ICO)

  8. Details of any legal or contractual requirement which means that the Firm needs to collect this information and process it, and what the implications are if it cannot do so.

​

Data Subject Access

‘Subject Access Requests’ (SARs), can be made by data subjects where an organisation holds personal data about them. This can be done at any time, and the requests are made in order for the data subject to find out what data is being held, and what is being done with it. Where a subject access request is being made to us we will refer the client to the data controller to deal with the request.

 

  1. Such requests need to be made by the data subject in writing

  2. They should be addressed to the DPO, who will deal with the request

  3. The Firm will usually respond to them within one month, but we may need to extend it for a period of up to a further two months if it is a complex request or there are multiple requests. In that situation, the data subject(s) will be informed.

  4. The Firm will not charge the data subject any fee for responding to the SAR, unless the subject is asking for multiple copies of data already supplied or unless the request is manifestly unfounded or excessive.

 

Rectification of Personal Data

Where a data subject informs us that data we are holding about them is inaccurate or incomplete and requests that it is corrected, we will rectify the information and inform the data subject that we have done so.

 

Where the incorrect data is held by third parties to whom it has been disclosed, we will inform them and that the data that they hold is rectified.

 

Retention of Personal Data

The Firm will only keep your personal data for as long as necessary to provide you with our services or

comply with legislation.

 

Erasure of Personal Data

Data subjects have a right to require the Firm to erase personal data held about them when:

  1. The Firm no longer needs the data it is holding for the purposes for which it was originally collected

  2. The data subject wishes to withdraw their consent to the Firm holding and processing the data

  3. The data subject objects to the Firm holding and processing the data, and there is no overriding legitimate interest which allows us to continue to do so

  4. The personal data has been processed unlawfully

  5. The personal data needs to be erased in order for the Firm to comply with a particular legal obligation.

 

Restriction of Personal Data Processing

Data Subjects have a right to request that the Firm ceases to process any personal data that we are holding about them. If that takes place, we will only retain whatever personal data we need to ensure that no further processing takes place, and we will inform any third parties to whom we have disclosed the data about the restriction on processing (unless it is impossible to do so or would involve disproportionate effort).

 

Data Security

The Firm relies on process, people, physical and IT controls to help us protect your data. We store your personal data on computer systems that have access controls in place, are protected against malicious attacks and are checked for vulnerabilities. The Firm also implemented several technical and administrative measures to protect your information from theft, misuse, loss and unauthorised access, disclosure, alteration and destruction.

 

Transfer of Personal Data outside the European Economic Area – EEA

This privacy notice is of general application and as such it is not possible to state whether it will be necessary to transfer your information out of the EEA in any case or for a reference. However, if you reside outside the EEA or your case or the role for which you require a reference involves persons or organisations or courts and tribunals outside the EEA then it may be necessary to transfer some of your data to that country outside the of the EEA for that purpose. If you are in a country outside the EEA or if the instructions you provide, come from outside the EEA, then it is inevitable that information will be transferred to those countries. If this applies to you and you wish additional precautions to be taken in respect of your information, please indicate this when providing initial instructions. 

 

Your Rights

You have the right at any time to:

  1. Ask for a copy of the information about you held by us in my records;

  2. Require us to correct any inaccuracies in your information;

  3. Make a request to us to delete what personal data of yours we hold; and

  4. Object to receiving any marketing communications from us.

 

If you would like to exercise any of your rights above, please contact our DPO by post or by email to our DPO at: info@sfsolicitors.com

 

Should you wish to complain about the use of your information, we would ask that you contact us to resolve this matter in the first instance. You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information. The Information Commissioner’s contact details are noted below:

 

Information Commissioner's Office (ICO)

Wycliffe House, Water Lane

Wilmslow, Cheshire, SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

​

Changes to our Privacy Policy

We may make changes to our Privacy Policy from time to time to ensure our commitment to you in protecting your data. If there are any changes made we will inform you to them accordingly.

​

Private Clients:

Sohaib Fatimi solicitors is a private law firm and does not offer Legal Aid.

​

Consultation:

We offer 30-minute and 1-hour consultations depending on your needs and the complexity of your case. This is a meeting which you can book to receive advise on your case. This is the stage where we assess your documents and merits and will advise you on your options if any. We request that you bring any documents relating to your case with you when you attend for this meeting. This is to ensure we assess your documents and provide you with efficient advice in relation to your case. Our consultation charges are as follows:

 

30-minute consultation: We offer a 30-minute consultation for less complex matters where we charge £60.00 PLUS VAT. 1-hour consultation: We offer 1-hour consultations for more complex cases where there is more documents to assess and advice to be given. The charge for this will be £100 PLUS VAT. If the meeting goes longer than 1-hour, additional fee will apply. We will advise you on whether you need a 30 minute or 1-hour consultation at the time of the booking of the consultation, after taking relevant information from you which enables us to assess the time the consultation may take. We will not charge you for the consultation if you instruct us to act on your behalf and handle your matter during or after our consultation, on the same day as the consultation takes place. 

​

Charges:

We take every client’s circumstances into consideration and understand that different individuals have different needs and therefore keep our pricing options open to suite our clients’ individual needs.

 

We normally work on a fixed fee basis. We offer competitive fixed fee rates and keep our prices transparent with no hidden extra costs. We carefully assess our client’s case and circumstances to ensure that we offer them a reasonable and affordable fee. We inform you of our full fee for the work we will carry out, during our first meeting before you instruct us to take on your case. The fixed fee covers attendance, preparations, assessment of documents, representation, advise, drafting and communication with the other party on your behalf until the agreed work is completed.  

 

We also offer the option for our clients to pay for the time spent on their cases. This means that you will be charged by reference to the time spent by our solicitors and other staff members with respect to the work they carry out on your matter. This will be charged on hourly basis and can be agreed during our initial meeting before we take on your matter. The hourly rates normally apply in more complex civil matters.

 

We are proud to say that in some cases where we know that a client is vulnerable, struggling and cannot afford our fee, we carry out work for them on a pro-bono basis. This means that we carry out the work free of charge as a goodwill gesture to the client. However, this is subject to meeting the eligibility test.

bottom of page