In accordance with the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), this Data & Privacy Notice explains, in detail, the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data and keep it safe.
VIRGO SOLICITORS LIMITED of SUITE 21, IMPERIAL HOUSE, 64 WILLOUGHY LANE, LONDON, N17 0SP operates a DATA & PRIVACY NOTICE. The Virgo Solicitors is registered with the Information Commissioner’s Office (“ICO”) under number ZA207115 and Dr Abess Taqi is our Data Protection Officer (DPO). If you have any questions about this privacy notice (“Notice”), please contact Dr Taqi by email at abess@virgosolicitors.co.uk.
Virgo Solicitors will process your and third parties’ personal data, as further explained below, while providing you with legal and associated services, including access to our website and online features (“Services”). We will let you know by posting on our website or otherwise, if we make any changes to this Notice from time to time. Your continued use of the Services after notifying such changes will amount to your acknowledgement of the amended Notice.
PLEASE NOTE: You shall, and you hereby agree to indemnify Virgo Solicitors and its affiliates and their officers, employees, agents and subcontractors (each an “Indemnified Party”) from and against any claims, losses, demands, actions, liabilities, fines, penalties, reasonable expenses, damages and settlement amounts (including reasonable legal fees and costs) incurred by any Indemnified Party arising out of or in connection with any breach by you of the warranties included below. IF POSSIBLE, THIS INDEMNITY SHOULD BE MADE CONTRACTUAL IN THE TERMS OF ENGAGEMENT.
This Notice is primarily for the benefit of our clients or potential clients or for related third parties whose personal data we may process as part of the provision of legal services. We maintain and will provide separate privacy notices in relation to the collection and use of personal information about our staff and employees, including potential employees, during and after their working relationship with us.
Virgo Solicitors processes your data in accordance with the terms of the Data Protection Act 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and the relevant provisions relating to the General Data Protection Regulation contained within the European Union (Withdrawal) Act 2018 (UK GDPR). This Data & Privacy Notice explains, in detail, the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data and keep it safe. Unless otherwise indicated, references in this Data and Privacy Notice to the GDPR refer to the UK GDPR.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how our firm uses your data. We hope the following sections will answer any questions you have but if not, please do get in touch with us.
We are only entitled to hold and process your data where the law allows us to. The current law on data protection (Article 6 GDPR) sets out a number of different reasons for which a law firm may collect and process your personal data. These include:
The main purpose for our holding your data is to provide you with legal services under the agreement we have with you. This agreement is a contract between us and the law allows us to process your data for the purposes of performing a contract (or for the steps necessary to enter in Page 3 of 13 to a contract). We may also need to process your data to meet our contractual obligations to the Legal Aid Agency where you receive legal aid to fund your case or advice.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom or interests. This may include to satisfy our external quality auditors or our Regulators.
If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity. The legal basis for our processing of personal data for the purposes described above will typically include:
a) processing necessary to fulfil a contract that we have in place with you or other data subjects, such as processing for the purposes.
b) processing necessary for our or a third party’s legitimate interests, such as processing based on the legitimate interests of Virgo Solicitors to ensure that Services are properly provided, the security of the Virgo Solicitors and its clients and the proper administration of Virgo Solicitors.
c) processing necessary for compliance with a legal obligation pursuant to the provision of our legal and regulatory obligations.
d) any other applicable legal grounds for processing from time to time.
In some situations, we can collect and process your data with your consent. For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you, which data is necessary in connection with a particular service. We will only process personal data, in accordance with applicable law, for the following purposes:
a) responding to your queries, requests and other communications.
b) providing the Services, including, where applicable, procuring acts from foreign organisations.
c) enabling suppliers and service providers to carry out certain functions on behalf of Virgo Solicitors to provide the Services, including webhosting, data storage, identity verification, technical, logistical, courier or other functions, as applicable.
d) allowing you to use features on our website when you choose to do so.
e) sending you personalised marketing communications requested by you, as well as serving personalised advertising to your devices, based on your interests in accordance with our Cookie Statement below. You have the right to disable cookies as set out above or to unsubscribe by clicking the cookie statement on our website.
f) ensuring the security of Virgo Solicitors and preventing or detecting fraud.
g) administering our business, including complaints resolution, troubleshooting of our website, data analysis, testing of new features, research, statistical and survey purposes.
h) developing and improving our Services, and
i) complying with applicable law, including Notary Practice Rules, guidelines and regulations or in response to a lawful request from a court or regulatory body.
In relation to personal data of data subjects you warrant to Virgo Solicitors on a continuous basis that:
a) where applicable, you are authorised to share such personal data with Virgo Solicitors in connection with the Services and that wherever another data subject is referred to, you have obtained the explicit and demonstrable consent from all relevant data subjects to the inclusion and use of any personal data concerning them;
b) to the extent this is required in connection with the Services, such personal data is accurate, complete and up to date; and
c) either you provide your explicit consent and warrant that each data subject has provided explicit consent for the transfer of personal data to foreign organisations in connection with the Services or that an alternative legal gateway for such transfer (such as transfer necessary for the conclusion or performance of a contract concluded in the interest of the data subject) has been satisfied.
We normally collect your data when you provide it to us or when it is provided to us by others (your opponent’s solicitors for example) during your case. You may give us your data by email; through an online web form; over the telephone; face to face; or by post. We also collect data automatically regarding each of your visits to our website including technical information.
Information you provide to us.
You voluntarily give us your personal information for instance when:
Where we request information from you, we will collect the information set out in the relevant web pages, or as explained to you over the telephone or face to face.
We may collect personal data as follows:
We may gather details of your age; ethnicity; gender etc. if required to do so by the Legal Aid Agency where you are in receipt of Legal Aid. Where you have Legal Aid, we may also gather financial information from you.
We also collect and hold information about your case or legal problem.
Depending on the circumstances of their legal matters, for some clients, we may have access to or process personal data relating to criminal convictions and offences or related security measures. The special condition for processing this data (pursuant to Schedule 1 and Article 10 of the GDPR) is because it is necessary for, connected to and/or or relates to legal claims including for the purposes of assisting with legal proceedings, obtaining legal advice and/or establishing, exercising or defending legal rights. We have considered the risks and impact associated with the processing of criminal offence data not least regarding data minimisation, security and transparency. All such data is processed in line with the commitments and policies within this Privacy Notice.
We do not envisage that any data we hold would be classified as ‘special categories’ under the GDPR. If we need to start processing this type of data, or if we are acting as a Data Processor for this data then we will explain this to you.
Additionally, depending on the circumstances of their legal matters, for some clients, we may have access to or process special category data including:
In addition to contract lawful condition for processing under Article 6 of the GDPR (see above), Article 9(2)(f) of the GDPR) permits us to process this data where it is necessary for, connected to and/or or relates to legal claims including for the purposes of assisting with legal proceedings, obtaining legal advice and/or establishing, exercising or defending legal rights. We will only process this specific data if it is necessary to establish, exercise or defend a client’s legal rights. We will ensure that the use of this data is relevant and proportionate and that we do not hold any more data than is needed. All such data is processed in line with the commitments and policies within this Privacy Notice.
We collect certain related technical information including, but not limited to, traffic data, location data, logs (including, where available, the IP address and location of the device connecting to the online services and other technical information and identifiers about the device and the nature of the visit such as clickstream to, through and from our website) and other communication data, and the resources that you use.
On occasions, we acquire information from other companies, to collect information about how visitors to our website use the site. Information is also collected about how you arrived at our websites in the first place, including what links or adverts you have viewed or clicked on to reach us, or any search terms you have used. We do this to maintain and improve our website, getting a better understanding of visitor and client profiles and ultimately delivering a better experience. Information may be collected using cookies or pixels.
We have installed CCTV systems in our offices and on the outside of the buildings and personal data in form of images or CCTV footage may be recorded.
We operate CCTV in accordance with the ICO CCTV Code of Practice and are processing CCTV data to pursue our legitimate interests of:
CCTV is never used for any automated decision taking.
In all locations, signs are displayed notifying individuals that CCTV is in operation. Images captured by CCTV will not be kept for longer than is necessary and ordinarily, will not be retained for more than 30 days. However, on occasions, there may be a need to keep images for longer such as where a crime is being investigated.
We will only disclose images and audio to other authorised bodies such as the police or other law enforcement agencies for the purposes set out above.
We record most incoming and outgoing telephone calls except for calls (or parts of those calls) where payment is taken. Your personal data may be collected as a result.
We record conversations for the following reasons:
Call recordings are destroyed in accordance with the retention information in this Notice. If the recording is available, you can submit a request a copy of your call by making a data subject access request to our DPO (as set out below).
We only use your data for the purposes of providing you with legal advice, assistance and where appropriate, representation and for reasons directly associated with those services (i.e. providing information to quality auditors; the Legal Aid Agency etc.). In particular:
We also use data to communicate with our regulators or legislators and to obey laws, regulations and codes of conduct that apply to us.
For example, we will process your data to enable us to identify and/or verify your identity and conduct fraud, credit and anti-money laundering checks in accordance with anti-money laundering and counter terrorism financing legislation and regulation.
We may use your data to notify you of our other services but only where we have your consent to do so.
We also use data to develop our business and services. In particular:
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
By law, we may not place cookies on your computer without your consent, unless they are strictly necessary to the operation of the service that we provide on the Website. We use the following cookies on our website:
a) Strictly necessary cookies. These cookies are essential to enable you to move around our website and use its features. Without these cookies, Services you have asked for cannot be provided. They are deleted when you close the browser. These are first party cookies.
b) Performance cookies. These cookies collect information in an anonymous form about how visitors use our website. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it and the approximate regions that they are visiting from. These are first party cookies.
c) Functionality cookies. These cookies allow our website to remember choices you make (such as your username, language or the region you are in, if applicable) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites. These are first party cookies.
d) Targeting or advertising cookies. These cookies allow us and our advertisers to deliver information more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as to help measure the effectiveness of advertising campaigns. They remember that you have visited our website and may help us in compiling your profile. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.
e) Social Media cookies. These cookies allow you to connect with social media networks such as LinkedIn and twitter. These are persistent cookies which will be kept on your device until their expiration or earlier manual deletion.
f) We may combine information from these types of cookies and technologies with information about you from other sources.
We assume that you are happy for us to place cookies on your device. Most Internet browsers automatically accept cookies. However, if you, or another user of your device, wish to withdraw your consent at any time, you can accept or decline cookies by modifying your browser setting. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website, our platforms and Services.
When you arrive on our website a pop-up message will appear asking for your consent to place advertising cookies on your device. To provide your consent, please click ‘I understand’. Once your consent has been provided, this message will not appear again when you revisit. If you, or another user of your device, wish to withdraw your consent at any time, you can do so by altering your browser settings otherwise we will assume that you are happy to receive cookies from our website. For more information, please visit www.allaboutcookies.org and http://www.youronlinechoices.com/uk/.
e.g. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
We use Google Analytics to monitor how our website is being used so we can make improvements. Our use of Google Analytics requires us to pass to Google your IP address (but no other information) – Google uses this information to prepare site usage reports for us, but Google may also share this information with other Google services. In particular, Google may use the data collected to contextualize and personalize the ads of its own advertising network. Related information:
Google’s privacy policy
How Google uses this information.
If you have any queries about the cookies that we use, or would like more
information, please contact info@virgosolicitors.co.uk.
We take protecting your data very seriously. The data you give us may be subject to Legal Professional Privilege and is often extremely sensitive and confidential.
With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it. We have clear data protection and information security policies and procedures in place (along with Regulatory and other legal obligations to keep your data safe) and these are regularly assessed as part of our Quality Standards
and compliance processes.
We protect our IT system from Cyber Attack. Access to your personal data is password-protected, and sensitive data is secured by encryption.
We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
We only keep your data for as long as is necessary for the purpose(s) for which it was provided.
We use the following retention periods and review these periodically to make sure we are only keeping personal data and other data for as long as is needed:
For some data we may decide that it is proper and appropriate to keep data for longer than the above, but we will notify you if we believe that your case falls into this category or there is another reason your data has to be retained.
We sometimes share your personal data with trusted third parties. We only do this where it is necessary for providing you legal services or for the effective operation of
our legal practice.
For example, we may share your data with barristers; experts; translators; costs draftsmen; process servers; secure file storage and destruction companies; auditors; the company that securely hosts our off-site cloud storage servers.
We apply a strict policy to those recipients or data processors to keep your data safe and protect your privacy. In particular
Your data is stored and processed within the United Kingdom (UK). If we must share your personal data with third parties and suppliers outside the UK, we will seek your specific consent to do so.
However, we may transfer personal data overseas. If your matter requires the expertise of an individual that does not reside in the UK. Your data will be transferred via our secured cloud case management system. We use cloud IT and similar data storage facilities and so we may store, process and transmit data in locations outside the UK. Our information systems, including electronic matter files, client information and finance systems may be accessible by our offices in different counties which means personal data may be accessed by our firm’s personnel overseas. In cases where your matter involves obtaining legal or other professional advice from another country, our firm may need to transfer details about your matter, including personal data, to a third party in that country.
Whenever we transfer any data out of the UK, we ensure a similar degree of protection is afforded to it and treated with the same security measures regardless of location, and in accordance with our internal processes and policies as well as regulatory and legal obligations. We ensure that at least one of the following safeguards is implemented
a) only use that personal data for the purposes for which it was disclosed
b) use all technical and organisational measures which are reasonable in the circumstances to secure that personal data
c) delete that personal data when it is no longer required, and
d) treat that personal data in accordance with this Data and Privacy Notice and that appropriate data privacy law.
You have the following rights under the UK GDPR:
For further details on your rights, please visit the Information Commissioner’s Office at https://ico.org.uk/your-data-matters/.
For information on how your information is used, how we maintain the security of our information, and to exercise your rights to access information we hold on you, please
contact us.
Similarly, if you believe that the information we hold is wrong or out of date, please let us know and we will update it. Dr Abess Taqi is our Data Protection Officer and enquires and/or requests can be sent to Dr Taqi
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites
are not governed by this policy. You should exercise caution and look at the privacy statement or policy applicable to the website in question.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites).
We do not intend to process a client or related third party’s personal information for any reason other than stated within this privacy notice. If this changes, we will update this privacy notice on this webpage and in any documentation, we will send to you. However, internet and data privacy best practice and acceptable standards are developing. We therefore reserve the right to revise this Notice at any time. If this Notice changes in any way, we will place an updated version on this webpage. For all other clients with ongoing instructions, we will provide a copy directly. Continued instructions to us will signify that you agree to any such changes.
