The GDPR applies to all EU member states and is aimed at protecting its citizens from privacy and data breaches, including employees and customers. The UK will be covered under the new regulatory regime regardless of Brexit.
This Policy (together with our terms and conditions and any other documents referred to in it) sets out the basis on which any personal data which we collect from you, or that you provide to us, will be processed by us.
It is important that the personal information that we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
Who are we?
Insight Legal Services Limited trading as Insight Law is a registered company, based in Wales under company number 10801797 with its registered office at 2nd floor, Unit G, Copse Walk, Cardiff Gate Business Park, CF23 8RB.
In what capacity will Insight Law hold personal information about you?
During the course of providing our services, Insight Law compiles and holds certain personal information and data about our clients for the purposes of providing legal services to those clients. This may include personal information about our clients including information that they provide to us when registering with our website including their email address and contact details, their name, address, gender, date of birth, relationship status, bank account details, passports and other forms of client identification.
In providing these services, Insight Law will act as a Data Controller in respect of your personal information. In the large majority of cases our client’s personal data is securely held on our case management system. This is fully hosted and maintained by DPS Software Limited (‘DPS’)
DPS maintain their current ISO27001 Information Security accreditation along with GDPR accreditation and as a result this system fully conforms with the requirements placed on us by GDPR.
DPS will be the Data Processor for the purposes of GDPR. All data stored on DPS is held in a secure data centre and is encrypted.
How is your personal information collected?
We use different methods to collect personal information from and about you.
- Directly from you: Typically, the personal information that we collect about you will be the personal information that you provide directly to us. In some instances, however, it could be provided in other electronic formats, on application forms, or in other communications which could be in writing, by telephone, via the internet or by other means.
- From third parties: We will also gather personal information from other sources, including from lenders, estate agents, law firms, credit reference agencies, mortgage brokers, Independent Financial Advisors and regulatory bodies.
What personal information will Insight Law hold about you?
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal information about you as follows:
- Full name and title
- Contact information including email addresses and postal addresses, telephone numbers and fax numbers
- Details of any potential conflicts of interest
- Adverse credit and negative media
- Date of birth
- National Insurance number
- Bank details
- Identification or supporting documents (such as passport, driving licence, birth certificate, utility bill, bank statement etc)
- IP address
- Customer data (which in addition to the above may include mortgage account information and other data in respect of a conveyancing transaction)
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
How will Insight Law use personal information held about you?
We will only use your personal information when the law allows us to.
We will use your personal data where we need to: (a) in order to meet our contractual obligations under our agreement with you; (b) where it is necessary for our legitimate interests (or those of a third party and your interests and fundamental rights do not override those interests; or (c) where we need to comply with a legal or regulatory obligation. In summary this means we use your personal information to enable us to facilitate the progress of the relevant transaction up to and including exchange of contracts, completion and where necessary, registration at the Land Registry
We do not rely solely on consent as a legal basis for processing your personal information. You have the right to withdraw consent to us holding your personal data at any time by contacting us at firstname.lastname@example.org , or by post to: Data Protection Officer, Natalie Williams, Insight Law, 2nd Floor, Unit G, Copse Walk, Cardiff Gate Business Park, CF23 8RB.
By granting consent, you authorise us to store, use and where appropriate, in connection with our instructions and the work being undertaken on your behalf, to share your data with third parties. This authority does not constitute a waiver of our clients’ rights under the GDPR and their consent may be withdrawn at any time by written notice to the DPO at the address detailed above.
Most commonly, we will use your personal information in the following circumstances and for the purposes of:
Purpose/Activity Lawful basis for processing
Progressing conveyancing Performance of a contract with you
Undertaking checks Performance of a contract with you
with third parties Necessary to comply with a legal obligation
Assessing lending and insurance risks Performance of a contract with you
Necessary to comply with a legal obligation
Contacting any third parties Performance of a contract with you
associated with the transaction
to obtain further information,
references or clarification
on the data provided
Contacting you for market research Performance of a contract with you
purposes Necessary for our legitimate interests
(to study how customers use our products/
services, to develop them and grow our business)
Processing payment Performance of a contract with you
for the purchase of Necessary for our legitimate interests
products and services (to recover debts due to us)
applicable laws and regulations Necessary to comply with a legal obligation
Internal record keeping Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep
our records updated and to study how customers
use our products/services)
Undertaking anti-money Performance of a contract with you
laundering, identity and Necessary to comply with a legal obligation
Developing or progressing Performance of a contract with you
development with mortgage,
conveyancing, law firm and
lender processing systems
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosure of your personal information
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, consultants, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy and in the delivery of our services.
We may disclose your personal information;
- To the extent that we are required to do so by law;
- In connection with any ongoing instructions on our clients’ behalf
- In order to establish, exercise, or defend our legal rights including providing information to others for the purposes of fraud prevention and reducing credit risk
- To any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information
- Except as provided in this policy, we will not provide your personal information to third parties
If you give us personal information regarding another person, you are confirming they have given you permission to provide their personal information and also that you have advised them that their personal information will be passed to Insight Law.
Will your personal information be transferred to other countries?
We may need to share personal information with third parties in both the UK and internationally for a variety of reasons. We require third parties to respect the security of your personal information and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
We may transfer the personal information we collect about you to countries outside the EU in order to process your personal information on one of the grounds listed above. It is possible that the European Commission will have deemed such countries adequate. This means we can transfer your personal information to those countries as they will provide an adequate level of protection for your personal information.
However, not all countries to which we may transfer your personal information will be deemed adequate by the European Commission. To ensure that your personal information does receive an adequate level of protection we will put in place standard contractual clauses approved by the European Commission with those parties wherever necessary. This ensures that your personal information is treated in a way that is consistent with and which respects the applicable laws on data protection.
What happens if you choose not to provide us with personal information or are unable to provide us with personal information?
If you fail to provide certain personal information when requested, we may not be able to perform the agreement we have entered into with you, or we may be prevented from complying with our legal obligations.
As part of our day to day progression of transactions it is essential that we hold certain personal data about our clients. If clients are unable or not willing to provide personal information this will impact our ability to progress our clients’ transactions.
What are your rights relating to the use of your personal information?
Under the GDPR, you have certain rights in respect of the processing of your personal information, which may vary dependent on the legal basis for collection of your personal information and the uses made of this personal information.
For all uses made of your personal information you have the right to be informed about how we use your personal information and this notice discharges that obligation. However, further rights may apply in different circumstances, as set out below:
- Right of access – you have a right to access a copy of the personal information that is held about you (subject to data protection laws)
- Right of rectification – you have a right to correct personal information that is held about you if it is inaccurate or incomplete
- Right to be forgotten- in certain circumstances you can ask for the personal information held about you to be erased (please note our retention period as set out below)
- Right to restrict processing – where certain conditions apply you have a right to restrict processing (please note this may impact our ability to provide our services to you)
- Right to data portability – you have the right to have the personal information held about you to be transferred to another organisation, where appropriate
- Right to object – you have the right to object to certain types of processing of personal data, such as direct marketing
- Right to withdraw consent - In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact email@example.com, or by post to: Data Protection Officer, Natalie Williams, Insight Law, 2nd floor, Unit G, Copse Walk, Cardiff Gate Business Park, CF23 8RB
In the event that you wish to exercise any of these rights, please make your request in writing to our DPO at the address listed above.
How long will Insight Law retain your personal information for?
We will only retain your personal information for the duration of our agreement with you and for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such personal information without further notice to you.
We have put in place measures to protect the security of your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
However, the internet is not a secure medium but we are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal information we collect online. We will use our best efforts to ensure that no unauthorised parties have access to any of your personal information and we restrict access to non-public information about you to those individuals and entities that need to know the personal information to be able to provide products and services to you.
Cookies are used on the website. A cookie is a small file that is stored on your computer when you visit a website. If you visit the website again, it is recognised as a repeat visit by means of the cookie. The cookie cannot be used to identify you on websites of third parties. The cookie helps analyse web traffic or lets you know when you visit a particular site. We use traffic log cookies to identify which pages are being used, which helps us analyse data about web page traffic and improve the website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser settings to decline cookies if you prefer. Some personalised services on the website may not be available if you choose to disable cookies.
Links to other websites
You have the right to make a complaint at any time to the relevant supervisory authority. The UK supervisory authority for data protection issues is the Information Commissioner’s Office (ICO).
This Privacy Notice was last updated on 17th May 2018.