Jason Elliott Associates Limited

Data Protection Policy

MAY 2018

 

Introduction

Jason Elliott Associates Limited takes your privacy very seriously. This is because, in our view, providing an outstanding professional service includes handling your data carefully and responsibly.

 

This Policy contains important information about how and why we collect, store, use and share your personal data. It also sets out your rights regarding your personal data and how to contact us and supervisory authorities in the event you have a complaint.

 

Our aim is for this guide to be easily accessible and understandable so our clients are aware of our obligations concerning their personal data. If you have difficulty understanding this guide, or have any queries, please get in touch via the ‘contact us’ section.

 

Glossary

Data Controller

 

A data controller determines the purpose and means of processing personal data. For the purpose of providing a service to you, we are data controllers.

 

Data Processor

 

A data processor is responsible for processing data on behalf of the controller. We will process your data in the course of providing our service.

 

Data Subject

 

A data subject is an individual on whom data is held. For the purpose of providing our service, you are a data subject.

 

Personal Data

 

Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

 

Sensitive Personal Data

 

Special categories of personal data. Data relating to criminal convictions and offences is not sensitive personal data but similar safeguards apply to its processing.

 

 

Data Collection

 

Personal data we collect about you

An important part of the GDPR is promoting transparency regarding personal data.

If we act for you under legal aid, most of the personal data we collect is gathered using official legal aid forms. These forms have been updated to be GDPR compliant.

Personal data we may collect from you includes:

  • Name
  • Date of birth
  • National insurance number
  • Address
  • Prison number
  • Telephone number
  • Email address
  • We may gather information about your friends/family for the purpose of discussing your case with them.

 

To be GDPR compliant, we must have a lawful ground for processing your personal data. The data we collect and process about you is done with your consent. We require a clear expression of consent as a precursor for us acting on your behalf. Additionally, it is often necessary for us to process and share your personal data to provide our services to you.

 

We aim to keep the personal data we hold on you to a minimum and we only process your personal data where it is necessary to provide our services to you.

 

How we collect your personal data

Most of the personal data we collect is provided by you. A large amount of the personal data we collect is provided by you in official legal aid forms. These forms have been updated to reflect the GDPR.

 

Why we collect your personal data

One principle of the General Data Protection Regulation is ‘Purpose Limitation’. We only collect the data which is necessary for us to provide our services to you. The personal data we collect about you is necessary for us to act on your behalf, progress your case and gather information from third parties.

This includes applying for financial assistance on your behalf, contacting yourself, your family members and your previous advisers.

The personal data we collect about you is not processed in any way which is incompatible for the purposes for which we collected the data.

 

Sharing Data

With whom do we share your personal data?

We sometimes share your personal data with third parties. Given the nature of our services, any information we share about you is done with your authority. A form of authority is included in our information packs and we often cannot act for you without a form of authority to do so.

We may share your data with:

  • HMPS
  • The Legal Aid Agency
  • Your previous advisers
  • Medical organisations
  • Professional advisers we instruct on your behalf

 

Data Storage

Where do we store your personal data?

The information we hold on you is stored at our office. We can transfer your file upon your request once you inform us of any arrangements you make. This is often carried out by courier services.

 

Under the law we must hold your file for a period of 6 years. After this time your file will be returned to you or destroyed.

 

Your rights

The table below sets out your rights in relation to the data we hold about you.

Right to be informed

 

You have a right to be informed about the collection and use of your personal data

 

Right to access

 

You have a right to be provided with a copy of your personal data

 

Right to rectification

 

You have a right to have inaccurate personal data rectified or completed if incomplete

 

Right to erasure

 

You have a right to have your personal data erased. This is not an absolute right and only applies in certain circumstances

 

Right to restrict processing

 

You have a right to restrict or prevent the processing of your personal data. This is not an absolute right and only applies in certain circumstances

 

Right to data portability

 

You have a right to obtain and reuse your personal data without affecting its usability

 

Rights in relation to automated decision making and profiling

 

You have a right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you

 

 

For further information regarding your rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on an individual’s rights under the General Data Protection Regulation.

 

If you would like to make a request in relation to your rights please see the ‘contact us’ section below.

 

Security

We have effective security measures in place to ensure your personal data is kept safe and to prevent your personal data from being lost or used or accessed unlawfully.

 

We limit access to your personal data to those who have a genuine business need to access it. You can be assured that those using and processing your personal data do so in an authorised manner and are subject to a duty of confidentiality.

 

We have procedures in place to address suspected data breaches. In some circumstances we are legally required to report any suspected breach involving your personal data.

 

Complaints

If you wish to make a complaint regarding the way your personal data is handled, please get in touch via the ‘contact us’ section.

 

The General Data Protection Regulation gives you the right to complain to a supervisory body. The supervisory body for the UK is the Information Commissioner who can be contacted by visiting: https://ico.org.uk/make-a-complaint/ or by contacting: 0303 123 1113.

 

Contact Us

If you have any queries or concerns regarding this privacy policy, or the personal data we hold about you, please do not hesitate to get in touch via the information below.

 

Office

18 Albion House

West Percy Street

North Shields

Newcastle Upon Tyne

NE29 0DW

0191 447 4389

[email protected]

 

 

Data Protection Officer

 

Rebecca Barrett

[email protected]

0191 447 4389

 

Speak to the Experts