1. What we need and why we need it

Hawkins Ryan needs access to your personal data in order to do our job. The use of personal data is regulated by the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and we are required to have policies and procedures in place for handling your personal data. Personal data is defined as any information relating to you from which you can be identified.

Our General Personal Data Protection Policy governs the use and storage of your data. You can see our detailed General Personal Data Protection Policy or Privacy Policy at www.hawkinsryan.com or we can send you a hard copy on request.

Hawkins Ryan is a controller of the personal data which you the data subject provide us with or which is provided to us by any third parties. We collect and use your personal data to administer our relationship with you, including to provide our services to you, to manage our contracts with you, to respond to your enquiries or complaints, to inform you about other products and services, to administer and improve our services, to respond to requests from authorities, to comply with our contractual and legal obligations, and for other legitimate business purposes.

We routinely collect the following types of personal data from you:

• Your full name, address, telephone numbers and email addresses
• Information which assists us to check your identity as required by our regulator including your date of birth, national insurance number, passport and driving licence details
• Information about your employment status including any details about your employer or the business which you run
• Details of assets, including property, that you own, financial and payment data such as banking details, invoices and payment terms as well as any personal data for we need for billing processing

We also collect other information from you in certain circumstances, depending on the work you instruct us to do on your behalf. For example, if you instruct us to make a will for you or prepare a lasting power of attorney or in relation to divorce or judicial separation proceedings, we will need information about your family and dependents. If we are acting for you in an accident claim, we will need access to your medical records.

In other areas of work, other kinds of personal data about you may be needed. All the personal data which we collect is subject to our General Personal Data Protection Policy and to the terms of this Privacy Notice.

Finally, as mentioned above, we also sometimes collect personal data about you from third parties - accountants, pension advisers, employers, doctors and others. All personal data collected from third parties is treated in exactly the same way as personal data collected from you personally.

2. What we do with it

Your personal data is processed at Hawkins Ryan’s business premises in King’s Lynn and Dersingham. Hosting and storage of your data takes place at such premises.

Whenever Hawkins Ryan uses a third-party supplier or business partner to process personal data on its behalf, the Compliance Manager will ensure that this processor will provide security measures to safeguard personal data that are appropriate to the associated risks. For this purpose, we will establish a data sharing agreement with the supplier or contractor, to ensure the fair and lawful processing of any personal data we share.

Your personal data may be disclosed to third party service providers, acting on our behalf, in connection with managing services, data analytics, finance, and accounting or other administrative services and information technology support. These third-party service providers will have access to and process personal data only on our behalf and under our instructions and will be held subject to appropriate security obligations.

3. How long we keep it

In terms of GDPR and the Data Protection Act, we are required to keep your documents according to our Data Retention Policy. After this period, your personal data will be destroyed or encrypted in such a way as to make it inaccessible. Any personal data held by us for marketing and service update notifications will be kept by us until such time that you notify us that you no longer wish to receive this information. Please see Data Retention Policy for more information about personal data retention; please ask to see our Data Retention Policy.

4. What are your rights?

• You are entitled to make a “Subject Access Request” requiring us to provide you with access to a copy of the personal data we hold in respect of you.
• You are entitled to enquire about the purposes of the data processing, whether the data has been shared and, if so, with whom, how long it will be stored and who the original source of the data was.
• You have the right, in certain circumstances to be forgotten, that is to require the erasure of your personal data.

In the event that you wish to make any enquiry about your personal data or to complain about how we have handled it, please contact our Compliance Manager via email (lorna.johnson@hawkinsryan.com) or in writing to Lorna Johnson, Compliance Manager, Hawkins Ryan Solicitors, 19 Tuesday Market Place, King’s Lynn, Norfolk PE30 1JW. Our Compliance Manager will then look into your complaint and work with you to resolve the matter.

If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Commissioner’s Office and file a complaint with them. Details for the Information Commissioner’s Office can be found on their website http://ico.org.uk, 0303 123 1113 or by post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.