As a company we recognise that we have both a moral and a legal duty of care when it comes to the personal information (data) we hold about individuals and we take this responsibility very seriously. This document, our data protection policy, describes in more detail the approach we take, how we use and manage the data we hold and how you, as an individual, can exercise your legal rights regarding this information.
Personal data is any information that is unique to and is associated solely with you as an individual.
For example, although your name may be widely known by many people and organisations, your Email address is not. In this case your Email address is an example of personal data. To deliver our service to you, we may need to keep a record of your Email address so that we can contact you. This is an example of personal data that we keep, why we keep it and an explanation of how we use it.
By holding and using your personal information we become what is known as a data controller and you are a "data subject" - these are standard terms used when describing how organisations manage data and data protection.
During our work for you we may need to send you an Email and we do this through a service that is supplied to us. So that we can send you the Email, we will need to pass your Email address, name and the content of the Email to this service and in doing we are potentially sharing your personal information with someone else. Those individuals and organisations we share your personal data with are known as data processors but it is always our responsibility to ensure your personal data remains protected by them.
It is necessary for our company to keep several types of personal data depending on our relationship with an individual. For example, we maintain additional personal data about our employees such as their tax code and bank details. If you are a client, we may keep different personal data which relates to you and your matter.
We record the nature of the personal data we hold both periodically and as changes are made so we can ensure we know and can advise you of what personal data we hold, where it came from, who it may be shared with and what we do with it.
Unless your legal matter requires otherwise, we do not record or process any data which is considered more sensitive such as information relating to race, politics or religion except for the purposes of equality and diversity monitoring and reporting.
Information used for monitoring purposes is always gathered and maintained in an anonymised form without any identifying personal data.
Data protection is an intrinsic part of our day to day operations and our management actively promotes a positive culture and approach to data protection across the organisation.
We have established and recorded that our organisation has an appropriate legal basis for its data processing activities.
We have implemented an appropriate range of processes and procedures to ensure that we can demonstrate, when requested, that we are complying with our stated goal of the protection of your personal data. These processes are constantly monitored, reviewed and where necessary updated to keep risks associated with your personal data to a minimum.
We are committed to ensuring your personal data remains accurate and up to date and that we securely dispose of personal data that is no longer required.
Our staff receive regular training on data protection awareness and are actively encouraged to contribute to the data protection culture as part of a process of continuing improvement.
In addition to the processes and procedures the company has put in place we have also implemented various data security measures to protect your personal data. These range from encryption of devices used to store personal data to access control mechanisms that limit who has access to your personal data. These security measures are constantly reviewed and updated as new and evolving threats arise.
We also take care to consider how our other policies, for example our Equal Opportunities and Diversity monitoring policy, might impact on or be impacted upon by our data protection obligations.
So that we can fulfil our legal and service obligations we may need or be required to share your personal data with other organisations.
Where we are required to share your personal data to fulfil our legal obligations or comply with legal requests for your personal data, we will ensure that the legal basis for the request is justified and shall share no more than we are required to do.
Where we are share your personal data with third parties to fulfil our service obligations to you, we carefully review their data protection policies and ensure that the agreements with them clearly describes each parties' roles and responsibilities for the protection of your personal data.
Everyone in our organisation is responsible for protecting your personal data however the overall responsibility for implementing, maintaining and monitoring our compliance relating to data protection is with our Data Protection Officer whose contact details can be found at the end of this document.
If we hold personal data about you, whether you are a client, employee or supplier, you have the right to request access to this personal data, so you can see what personal data we hold, know why we hold this information and what we use it for.
If you wish to make a request for a copy of your personal data, please contact the Data Protection Officer (contact details at the end of this policy). We will then have one calendar month to provide you with this data and it will be provided in an electronic form that can easily be examined.
You also have the right to request that we erase your personal data or that we do not use specific personal data. For example, you may wish to request that we stop using your Email address to contact you. If would like us to erase your personal data or stop using specific personal data, please contact the Data Protection Officer (contact details can be found at the end of this policy).
If you believe your rights have been breached by us or that we have failed to protect your personal data, you may wish to contact our Data Protection Officer or the Information Commissioner's Office - contact details can be found at the end of this policy.
We hope this document clearly explains our data protection policy however if any aspect of this policy is not clear or you have any queries about the policy our approach to data protection, please contact our Data Protection Officer - contact details below.
ONE Legal Data Protection Officer
Telephone 0161 850 7007
ONE Legal Services Limited
12 Eaton Avenue, Buckshaw Village, Euxton. PR7 7NA.
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire. SK9 5AF
This document was last updated on 9 April 2018.