Data Privacy Notice

Introduction
What Data do we Collect About You?
How will Your Data be Used?
Your Rights
How Long will VAITILINGAM KAY Retain Data For?
Overseas Data Transfers
Data Privacy and Security
Definitions

1. Introduction

Vaitilingam Kay is a law firm in the UK offering family legal services to private individuals.

As an essential part of our business, we Collect and manage client and non-client data. In doing so, we observe the UK data protection legislation, and are committed to protecting and respecting Clients’ and non-Clients’ privacy and rights. Specifically, we act as a Data Controller in respect of the data gathered and Processed by us.

In order that you are reliably informed about how we operate, we have developed this Privacy Notice which describes the ways in which we Collect, manage, Process, Store and share information about you as a result of you being a Client of Vaitilingam Kay or another Solicitor or visiting this site. The Privacy Notice also provides you with information about how you can have control over the use of your data.

If you have any comments or queries regarding our use of your data, please contact our Data Protection Officer at lauren.rich@vklaw.co.uk

Alternatively, you can write to our Data Protection Officer at 80 Coleman Street, London EC2R 5BJ.

2. What Data do we Collect About You?

In general terms, we seek to collect data about you so that we can:

Administer our relationship with you, provide services and respond to enquiries.

Enable business development including sending legal updates, publications and details to events.

Process applications for employment.

Deliver requested information to you about our Services.

Ensure the billing of any Services and obtain payment.

Process and respond to any complaints.

Enable us to meet our legal and other regulatory obligations imposed on us.

Audit usage of our websites.

The data that we need for these purposes is known as your Personal Data. This includes your name, home address, email address, telephone and other contact numbers and financial information. We collect this in a number of different ways. For example, you may provide this data to us directly online or over the telephone, or when corresponding with us by letter.

Please also be advised that when you visit this website, cookies will be used to collect data about you such as your internet protocol (IP) address which connects your computer or mobile device to the internet, and data about your visit such as the pages you viewed or searched for, pages response times, download errors etc. We do this so that we can measure our website’s performance and make improvements in the future. Cookies are also used to enhance this website’s functionality and personalisation, which includes sharing data with third party organisations. You can control this by adjusting your cookies settings.

3. How will Your Data be Used?

Vaitilingam Kay uses the data Collected from you for the specific purposes listed in the table below. Please note that this table also explains:

The legal basis for Processing your data, linked to each Processing purpose; and

In what circumstances your data will be shared with a third party organisation.

Purpose for Processing data	Legal basis for Processing data	Third party organisations with whom data is shared
To administer our relationship with you, provide Services and respond to enquiries.	To meet the requirements of a Contract.	None.
To ensure the billing of any Services procured by you and obtain payment	To meet the requirements of a contract	Government VAT and tax inspectors, external auditors, internal auditors.
To process and respond to complaints.	To meet a legal obligation.	None.
To monitor and record information relating to the use of our services, to include our website.	To meet a legitimate interest in order to improve the services and experience and website for individuals.	Web service providers and cookie providers.
To ensure the firms offices and its stored information is secure we use CCTV services.	To meet the requirements of a contract.	CCTV service providers.
To conduct human resource administration to include assessing suitability, eligibility and/or fitness to work.	To fulfil contractual obligations this includes taking action before entering into a contract.	Disclosure and Barring Service.

4. Your Rights

Under the terms of data protection legislation, you have the following rights as a result of using this website:

4.01 Right to be Informed

This privacy notice fulfils our obligation to tell you about the ways in which we use your data as a result of you engaging with VAITILINGAM KAY and using this website.

4.02 Right to Access

You have the right to ask us for a copy of any Personal Data that we hold about you. This is known as a Subject Access Request. Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this data at no cost. We will send you a copy of the information within 30 days of your request.

To make Subject Access Request, please write to our Data Protection Officer at 80 Coleman Street, London EC2R 5BJ.

Alternatively, contact our Data Protection Officer at lauren.rich@vklaw.co.uk

4.03 Right to be Rectification

If any of the data that we hold about you is inaccurate, you can either:

Contact our Data Protection Officer at 80 Coleman Street, London EC2R 5BJ or via email at lauren.rich@vklaw.co.uk

4.04 Right to be Forgotten

You can ask that we erase all Personal Data that we hold about you. Where it is appropriate that we comply, your request will be fully actioned within 30 days. For further information, please contact 020 3126 4920 or alternatively, please contact our Data Protection Officer at 80 Coleman Street, London EC2R 5BJ or via email at lauren.rich@vklaw.co.uk

4.05 Right to Object

You have the right to object to:

The continued use of your data for any purpose listed in section 3 above for which Consent is identified as the lawful basis for processing i.e. you have the right to withdraw your Consent at any time.

The continued use of your data for any purpose listed in section 3 above for which the lawful basis of processing is that it has been deemed legitimate.

4.06 Right to Restrict Processing

If you wish us to restrict the use of your data because:

(i) you think it is inaccurate but this will take time to validate,

(ii) you believe our data Processing is unlawful but you do not want your data erased,

(iii) you want us to retain your data in order to establish, exercise or defend a legal claim, or

(iv) you wish to object to the processing of your data, but we have yet to determine whether this is appropriate, please contact our Data Protection Officer at 80 Coleman Street, London EC2R 5BJ or via email at lauren.rich@vklaw.co.uk

4.07 Right to Data Portability

If you would like to move, copy or transfer the electronic Personal Data that we hold about you to another organisation, please contact our Data Protection Officer at Irwin Mitchell Group, Imperial House, 31 Temple Street, Birmingham B2 5DB or via email at dataprotection@irwinmitchell.com.

4.08 Rights Related To Automated Decision-Making

If you would like to object to automated decision making without any individual involvement, and to the profiling of your data, please contact 020 3126 4920 or alternatively, please contact our Data Protection Officer at 80 Coleman Street, London EC2R 5BJ or via email at lauren.rich@vklaw.co.uk

5. How Long will VAITILINGAM KAY Retain Data for?

Vaitilingam Kay will typically retain data for a period of seven years. This is due to regulatory reasons and to ensure our business records are adequate to maintain the requisite levels of insurance to protect our clients and non-clients.

6. Overseas Data Transfers

Your Personal Data may be transferred to business contacts outside the European Economic Area where necessary in order for Vaitilingam Kay to carry out its business (for example, if Vaitilingam Kay uses a supplier such as a cloud storage provider outside the European Economic Area).

However, Vaitilingam Kay shall not transfer Personal Data outside of the European Economic Area unless there are appropriate safeguards in accordance with applicable data protection law, or an exception applies where the law allows such transfers, for example it is necessary in order to establish, pursue or defend a legal claim.

Where the transfer is made on the basis of there being appropriate safeguards, these will either involve the use of contracts approved by the European Union, or result from a European Union decision, such as a decision that a country provides adequate protection for your rights, or the use of an approved data transfer scheme or code of conduct.

7. Data Privacy and Security

At Vaitilingam Kay we maintain a comprehensive data privacy and security programme, which includes processes for ensuring that data protection is a key consideration of all new and existing IT systems that hold Personal Data. Where any concerns, risks or issues are identified, we conduct relevant impact assessments in order to determine any actions that are necessary to ensure optimum privacy.

We also maintain an active Information Security Policy which seeks to protect the availability, confidentiality and integrity of all physical and digital information assets. Specifically, this helps us to:

Protect against potential breaches of confidentiality;
Ensure all IT facilities are protected against damage, loss or misuse;
Increase awareness and understanding of the requirements of information security, and the responsibility of our colleagues to protect the confidentiality and integrity of the information that they handle; and

Ensure the optimum security of this website;

Ensure all paper based data assets are protected against damage, loss or misuse.

8. Definitions

Case	An engagement for legal services of Vaitilingam Kay by a direct Client or instigated by a 3rd party who is a Client of another lawyer, solicitor, barrister or the courts system.
Clients	A person who has engaged Vaitilingam Kay on a case. This person is a Data Subject.
Collected / Collection	The process used to receive and record the Personal Data whether in digital or hard copy format.
Consent	The formal approval from the Data Subject for the Personal Data to be Collected and Processed.
Data Controller	Is Vaitilingam Kay for most of the Personal Data Stored.
Data Handling Functions	Any business process that involves any Personal Data. Such as Connect document management system RackSpace cloud based email The court system Document archiving IT systems backups Document translation services Accountants HR services Other lawyers, solicitors, barristers Social workers Evaluation advisors Pensions advisors Medical advisors Secure shredding Staff mobile equipment Client card payments Website management information collecting Dictation services Telephone answering services Building and office CCTV systems Building door access systems Building visitor access records
Data Privacy Notice	The document detailing the privacy policies for clients available through the Vaitilingam Kay web site.
Data Processor	Any party who processes any Personal Data on behalf of Vaitilingam Kay including the Data Handling Functions. In some circumstances Vaitilingam Kay is a Data Processor for Personal Data passed from another lawyer, solicitor, barrister or the courts system in pursuit of a Case.
Data Protection Compliance Audit	A review of the policies, processes and practices of the Staff and Data Handling Functions and a report detailing the review, compliance and actions needed to ensure compliance.
Data Protection Laws	Any law in the UK or abroad relating to the protection of data and in particular the UK Data Protection Law 2018 and the General Data Protection Regulation (GDPR).
Data Retention Policy	The document detail the length of time data will be retained before being reviewed for deletion or destruction.
Data Subject	As defined by GDPR the individual natural person who can be identified by use of the Personal Data.
DPO	The Vaitilingam Kay appointed Data Protection Officer.
Employee / Employees	Any person engaged by Vaitilingam Kay who has access to Personal Data including: Partners Associates Permanent members of Staff Temporary workers Contractors
Information Security Policy	The document detailing the Vaitilingam Kay IT systems and related risks, security procedures and methods and mitigations.
Personal Data	Any data relating to a Data Subject that can be used to identify him or her in any way.
Personal Information	Is the term used to cover any data about an individual whether or not it can be used to identify them.
Processing / Processed	The act of using the Personal Data of a Data Subject. Such as: Transcribing Backing up Shredding Couriering off site Posting HR processes Taking credit card payments Recording Data Subject movements Taking telephone calls
Policy	This document which details Vaitilingam Kay handling and protect the Personal Data of Data Subjects.
Prospects	Data Subjects who contact Vaitilingam Kay and provide Personal Data in order for Vaitilingam Kay to provide a quote for Services but are not yet Clients of Vaitilingam Kay
Service / s	Any business function of Vaitilingam Kay these being legal cases relating predominantly to family law.
Special Categories	As defined by GDPR this is sensitive data about the Data Subject and requires a higher degree of security considerations.
Staff	Any Employee of Vaitilingam Kay with access to any Personal Data.
Storage	The physical location in which the Personal Data is kept. This will be both digital and physical and may be in transit for some periods.