Privacy and Transparency Notice
Data Controller – who are we?
Chiltern Law is the provider of legal services to private individuals, organisations and companies and we specialise in criminal defence, motoring law and regulatory matters. We are the Data Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection. Our full registered address is below:
Chiltern Law Limited
Further contact details are available from www.chilternlaw.com – the Site.
Purposes of processing
Your data will be processed in order to:
- market Chiltern Law services to you;
- provide services under contract to you;
- provide services to others (in so far as this does not breach client confidentiality)
- comply with regulatory and other legal obligations (such as anti money laundering regulations); and
- protect Chiltern Law against potential claims.
Special category data
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection, the following are example of such data which aren’t asked for by us but might be data which is processed by us as part of evidence and disclosure from the police, Crown Prosecution Service, Council, HSE or other Government agencies who prosecute.
- ethnic origin
- trade union membership
- biometrics (where used for ID purposes)
- sex life; or
- sexual orientation.
Your data will be processed on the basis that Chiltern Law has a legitimate interest in being able to achieve the aims of processing set out above. Where special category data is provided, the provider of the data warrants that they consent to Chiltern Law processing that data or that they have obtained written consent from you (the “data subject”).
Personal data held
As a minimum, Chiltern Law is required to positively identify its clients. This also includes positively identifying a director in the case of a corporate client. In addition, Chiltern Law holds whatever information is provided to it by its clients and others. This will rarely include special category data (examples of which are listed above).
When you call us, visit our web site, engage with “live chat” or fill out a form in connection with our activities, services or resources we may collect information about you including, but not limited to, the following:
- Telephone number
- Contact information, including email address and business address
- Demographic information such as location, age and gender
- IP address
We require this information to respond to requests and queries, understand your needs and provide you with a better service. We will also use the information to improve our products and services, detect fraud, administer accounts and to comply with contractual obligations you have with us.
If you request it, we will periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
Data Sources – how do we collect personal data from you?
Chiltern Law obtains most personal data from its clients and those who have indicated that they have an interest in our services. Chiltern Law also obtains some personal data from other correspondents. Chiltern Law also collects some data from publicly available sources (e.g. Companies House). We collect information from you when you use our website, if you complete our enquiry forms on our website, if you call us, email or engage in “live chat”.
Your data will be automatically collected when using our website and using “live chat” which will include your IP address, device specific information, location information and unique reference numbers pertaining to that engagement.
Non-personal identifiable information
We will collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information will include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilised and other similar information.
Cookies are small text files stored on your device when you access most websites on the internet or open certain emails. Among other things, cookies allow us to recognise your device and remember if you’ve been to this website before. We use the term cookie to refer to cookies and technologies that perform a similar function to cookies (eg tags, pixels, etc).
Please note that certain cookies may be set as soon as you visit our Site, but you can remove them using your browser settings.
However, please be aware that restricting or blocking cookies set on a website may impact the functionality or performance of the website or prevent you from using certain services provided through that website.
The following categories of cookie are currently used by us:
- JSESSIONID, PHPSESSID [stores your session id]
- MoneypennyHistory, MoneypennyRef, MoneypennyVisit [used by our online chat service]
- log [Internal tracking id]
- __utma, __utmc, __utmz [Google Analytics traffic monitoring]
- utmcsr [Google Analytics traffic monitoring]
- utmccn [Google Analytics traffic monitoring]
- utmcmd [Google Analytics traffic monitoring]
- ga, gat, gid [Google Analytics traffic monitoring]
AdWords Re-marketing cookie
We use Google AdWords Re-marketing to advertise our services to you across the Internet. AdWords Re-marketing will display relevant ads tailored to you based on what parts of our website you have viewed by placing a cookie on your machine.
THIS COOKIE DOES NOT IN ANYWAY IDENTIFY YOU OR GIVE US OR ANY THIRD-PARTY ACCESS TO YOUR COMPUTER.
The cookie is used to say “This person visited this page, so show them ads relating to that page.”
To summarise, the Google AdWords re-marketing Cookie connects the activity of www.Chiltern Law.co with the AdWords advertising network and the DoubleClick Cookie.
You can opt out of the cookie tracking here:
Failure to Provide Data
If you fail to provide Chiltern Law with certain data required we won’t be able to positively identify you or comply with anti money laundering regulations, in such circumstances we would not be able to act for you. Further, you will not receive services or marketing.
Where we store your personal data
We have procedures in place to store your personal data and this is protected by encryption. All information you provide to us is stored on secure servers. Where necessary and as part of fulfilling our obligations to you, we will transfer data to third parties such as counsel, experts and courts and this will be done by secure email.
Recipients and sharing data
Any data provided by a client is treated as confidential to that client and will only be shared with others in so far as this is necessary in order to provide the services contracted for by the client, to comply with regulatory and other legal obligations and to protect Chiltern Law against a potential claim. In order to provide its services, Chiltern Law relies on the services of certain data processors. These include secure cloud storage for files and emails. In each case, Chiltern Law ensures that data is processed in compliance with this policy. Such sharing of data will ordinarily take place when instructing experts in your case.
Third countries and safeguards
Other than where required in order to provide services as required in individual client matters, data is rarely sent to other countries. Where it is, the relevant devices are password protected and equipped with tracking and remote wipe software. The devices are personally accompanied.
Data is held for six years from the end of the relevant matter or for six years where not associated with a particular matter. The retention period is not arbitrarily set, it is to allow data to be stored should there be any claim against us and coincides with certain limitation periods prescribed by law for such actions.
Data subject’s rights – your rights
You have the right (subject to client confidentiality) to:
- withdraw consent to the processing of your data;
- right to be forgotten
- complain to a supervisory authority regarding the processing of your data (https://ico.org.uk/);
- obtain a copy of the data held on you and to correction of any errors in that data.
If consent is withdrawn to process your data it will delay or prevent us from fulfilling our contractual obligations to you. It will also mean that we won’t be able to provide our services.
You also have the right to be forgotten, where you object to our use of your personal data, request us to delete your data or cease using it if there is no need for us to keep it. There are good reasons for keeping data, legal and accountancy reasons for example.
As part of our professional service we agree to take reasonable measures protect your data in accordance with applicable laws.
Henley On Thames
Mr Darren Rogers
Director and Data Protection Officer