This notice tells you what to expect when we collect personal information. Hepburn Delaney Ltd will respect your privacy and look after your personal data.
This Notice contains information about:
Hepburn Delaney Ltd is a Solicitors firm specialising in Family Law, Matrimonial Law, Wills and Probate, Estate Planning and Mediation.
Our services include:
Family Law & Mediation, Wills & Probate, Powers of Attorney, Children Law
Dissolution of Civil Partnership
Nullity • Mediation • Unmarried Couples – Separation • Financial Remedy • Wills • Trust Wills • Codicils • Inheritance Tax and Estate Planning, Declaration of Trust • Probate/Estate Administration, • Disputed Inheritance • Deed of Variation • Lasting Powers of Attorney • Deputyship Orders • Enduring Powers of Attorney • Child Arrangements • Specific Issues and Prohibited Steps Orders • Special Guardianship • Advice for Family Members • Child Protection
Our GDPR Owner and data protection representative can be contacted directly here:
Hepburn Delaney Ltd is the “data controller” of the personal information we hold for the purposes of the UK General Data Protection Regulation (the UK GDPR) and the Data Protection Act 2018 (the Data Protection Act) which supplements UK GDPR and extends its application in the UK.
The Brexit transition period ended on 31 December 2020. Data we collected before the end of 2020 about people who were located outside the UK (EU/EEA) at the end of 2020 will be subject to the EU GDPR as it stood on 31 December 2020 (known as the ‘frozen GDPR’). As part of the new trade deal, the EU has on 28th June 2021 agreed an adequacy decision for the UK. The granting of an adequacy decision means that the personal data of EU/EEA data subjects can now be transferred from the EU/EEA to the UK without any further procedures in place such as Standard Contract Clauses (SCCs) or Binding Corporate Rules (BCRs). The EU Commission will further review this adequacy decision in 4 years.
What countries or territories are covered by adequacy regulations?
The UK has “adequacy regulations” in relation to the following countries and territories, which means it can transfer personal data between the UK and the following countries and territories, without any further procedures:
The European Economic Area (EEA) countries.
These are the EU member states and the EFTA States.
The EU member states are Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden.
The EFTA states are Iceland, Norway and Liechtenstein.
EU or EEA institutions, bodies, offices or agencies.
Countries, territories and sectors covered by the European Commission’s adequacy decisions (in force at 31 December 2020)
These include a full finding of adequacy about the following countries and territories:
Andorra, Argentina, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland and Uruguay.
In addition, the partial findings of adequacy about:
Japan – only covers private sector organisations.
Canada – only covers data that is subject to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).
If, during the course of our business relationship with you and/or us processing personal data for and on your behalf, you travel outside the UK and to any of the above listed countries, then the onus is on you to let the firm know specifically which country, as we may have to implement additional safeguards, such as encryption of data/transfer restrictions for the transfer of any personal data from us to you in such countries that may not be covered by the UK adequacy decisions that are in place.
Personal data is defined in the UK GDPR as any information relating to an identified or identifiable natural person. It can include obvious data like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Special category data includes data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
This policy applies to information we collect about:
What type of information we may collect:
As a legal services firm, most of the personal data we process is data relating to our contractual functions, powers and duties.
Data may also be processed because it is necessary for the pursuit of our legitimate interests and/or the legitimate interests of others.
There may be occasions where we process data to comply with legal obligations, particularly in the context of legal proceedings and/or compliance with requests by law enforcement agencies, for example; although, even in these cases, our regulatory functions will also generally be engaged.
We will not generally rely on consent as a basis for processing personal data. In the limited circumstances where we may rely upon consent, we will specifically obtain this in the course of collecting the data.
We may also use data to improve our level of service. Where we do this, we do it to help inform us how to improve the way we work since both we and those we deal with have an interest in us doing so. We may for instance, monitor and/or record calls for quality and accuracy purposes.
We use the services of Smart Search to provide secure digital identity verification and to share key documents as part of our client on-boarding process, in line with SRA regulations and our Anti Money Laundering professional obligations.
All information provided is securely processed by Smart Search using the highest security standards to encrypt your details and keep your personal data safe. You will receive a message to your smart phone or a link to your email address to start your client on-boarding by Smart Search.
The lawful basis that we will use for the processing of your personal data for this identification and verification purpose is to comply with “legal obligation”.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. If you choose not to give us your consent for our mailing list, there will be no effect on your legal contract with us.
We use different methods to collect data from and about you including:
You may give us your identity and contact details by filling in forms or by corresponding with us by post, phone, and email or otherwise. This includes personal data you provide when you:
We may receive personal data e.g. computer IP address, about you from various third parties and public sources as set out below:
The nature of our work means that we handle personal information about third parties who are, in some way, connected to the work we do. This category is broad and examples include experts including but not limited to barristers, pension advisors, mortgage brokers, private detectives, medical experts, counsellors, mediators and estate agents.
Some data is collected when people sign up to receive marketing or registering with us for events.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you.
You will receive marketing communications from us if you have requested information from us or purchased services from us or if you provided us with your details when you entered a competition and, in each case, you have not opted out of receiving that marketing.
We will never sell your personal information.
Hepburn Delaney Ltd will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date and not keep it for longer than is necessary. Hepburn Delaney Ltd is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices the main ones detailed below. Personal data may be held in addition to these periods depending on individual business needs.
When we receive job applications containing personal information we create or update the information we hold about that person on our systems and files. We use the personal information to process the application and to make a decision about the application itself. We will keep the information for a period of 1 year, after which it will be destroyed.
If you have opted-in to receive our marketing communications you can unsubscribe from our data at any time.
We are under a general duty to keep personal data and information confidential. Where we share information, we take all reasonable steps to keep it secure, use it fairly and ensure that data protection safeguards are in place. We use secure portals and encryption tools when necessary to ensure data in transit is protected.
Hepburn Delaney Ltd uses technology to collect information about the use of the website and to distinguish you from other users in order to improve your experience when you browse the Hepburn Delaney Ltd website.
These cookies are used throughout the www.hepburndelaney.co.uk website. These cookies are used for reporting purposes helping us to collect information about how many people use our site, what parts are accessed and where visitors come from.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit http://www.allaboutcookies.org/
You should note that by deleting or blocking cookies, the website may not function correctly and you may not be able to access certain areas.
Depending on the information we hold about you, and the reason for us holding it, you have certain rights which are set out below.
You are entitled to have your records amended if the personal data we hold is inaccurate or incomplete.
You have a right to request your data is deleted in certain circumstances, i.e. where it is no longer needed for the purposes it was collected; the (rare) occasions where consent is relied upon as the lawful basis for processing, it is withdrawn and there is no other lawful basis for our continuing to process it; you object to the processing (see below) and there are no overriding legitimate grounds to continue; where the data has been unlawfully processed; or where it has to be erased for compliance with a legal obligation.
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified. Consent is required for Hepburn Delaney Ltd to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used. You may withdraw consent at any time. Withdrawal of consent by the data subject means an unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies withdrawal of consent to the processing of personal data relating to him or her. Withdrawal of consent shall be without effect to the lawfulness of processing based on consent before its withdrawal. Whereas consent covered all processing activities carried out for the same purpose or purposes, withdrawal of consent covers all processing activities carried out for the same purpose or purposes.
You have the right to obtain a copy of personal data we hold about you, including the reasons why we hold it, who the data will be shared with as well as details of the period for which the data will be retained.
In most instances, we will provide the information to which you are entitled within one month of receipt of a valid request. Requests which are complex or numerous may however take up to three months.
Requests which are considered manifestly unfounded or excessive will be refused.
You have the right to limit the way we use your personal data if you are concerned about the accuracy of the data or how it is being used. You can also stop us deleting your data.
The right to object to processing
You have the right to object to the processing of your personal data in certain circumstances. If the firm agrees to your objection, we must stop using your data for that purpose unless it can provide strong legitimate reasons to continue to use your data despite your objections.
You have an absolute right to object to the firm using your data for direct marketing and once you exercise this objection, the firm must stop using the data.
You have the right to ask us to transfer the information you have given to us from one organisation to another or to give that information back to you.
This right will only be applicable if we are processing information based on your consent or under contract and the processing is automated.
The right not to be subject to decision making based on automated processing
You have the right not to be subject to a decision based solely on automated processing i.e. decisions made entirely by technological means, without human intervention.
This right includes profiling for example any form of automated processing for the purpose of evaluating you as an individual.
We confirm that we do not make decisions based on automated processing as all decisions are made by individual/individuals within the firm.
The Supervisory authority is the Information Commissioner’s Office (ICO) whose contact details are as follows:
Information Commissioner’s Office
Helpline Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number. If you are calling from outside the UK, you may not be able to use the 03 number above, so please call +44 1625 545 700.
We will send information by secure digital transfer which will be password protected. We can make other arrangements in some cases.
You may not be entitled to see all the information held about you if an exemption applies. Examples of exemptions include information that:
If an exemption applies we will explain which exemption applies and we tell you if we have removed any information from the copy we send you.
We use cloud-based providers who operate within the EU under suitable data protection arrangements and security controls in place in accordance with the requirements in UK GDPR.
We also share data with organisations who perform audit and assurance roles for us and those who provide professional advisory services. This includes legal, medical and other professional advisers; again, with whom we have arrangements to ensure their compliance with our requirements.
As explained more particularly below, we also obtain data from third parties. Generally, when we do this, it is in the exercise of our regulatory functions, powers and duties, including:
Complainants, other regulatory bodies, law enforcement agencies and witnesses.
May 2023 updates to email marketing To be reviewed May 2024