Ingram Advocates is registered with the Office of the Information Commissioner as a data controller pursuant to the Data Protection (Jersey) Law 2018, together with any relevant amendments, updates and subordinate legislation, in addition to the General Data Protection Regulation (“GDPR”), where applicable. The firm is a data controller in respect of the personal data which we process in connection with our business activities.
The firm is committed to protecting and respecting your privacy. This policy details the basis upon which we may collect and/or process your personal information.
Our detailed Data Protection policy is set out in our Terms of Business which will be issued to you upon commencement of any engagement.
Officers of the Court
Nothing in this Privacy Notice detracts from the duties that we owe to you as officers of the Court. Our obligations to you under the Data Protection legislation are in addition to those duties.
“Personal data” means information about a living individual (the “data subject”) who can be identified from that data (either by itself or when combined with other information).
What personal data do we collect and how?
We collect and process various categories of personal data at the start of and for the duration of your relationship with the firm.
We limit the collection and processing of data to information necessary to achieve one or more lawful bases of processing, as identified in this notice. Personal data may include:
- Personal Contact details (including names, postal addresses, email addresses and telephone numbers);
- Information required for Ingram Advocates to meet its legal and regulatory requirements, in particular in respect of anti-money laundering legislation, including information on source of funds and source of wealth;
- Information provided in the course of the provision of legal and governance services (for example, information on professional relationships and background, financial wealth and assets held, transactions entered into, tax status, disputes and court proceedings engaged in);
- Financial information, such as payment related information;
- Professional interests and events attended (including images or video obtained during visits to events hosted by us or at our offices);
- Meetings attended and visits to our offices;
- Any other information you may provide to us.
We may also require personal data defined as “special category data” for specific and limited purposes, such as providing legal advice for the purposes of family law proceedings. We will only process special categories of information where we have obtained your express consent or are otherwise lawfully permitted to do so. This may include, but is not limited to:
- race or ethnic origin;
- religious, political or philosophical beliefs;
- trade union membership;
- criminal records; and
- physical or psychological health details or medical conditions.
We may also require personal data relating to your dependents for the purposes of our family law and/or wills, succession or probate advice.
How we obtain personal data
Your personal data is made up of all the personal information and documentation we collect and hold about you.
- Information and documentation you give to us;
- Information and documentation that we receive from third parties (to include other law firms);
- Information and documentation that we learn about you through our relationship with you; and
- Information and documentation that we gather from publicly available sources, such as the media, company registers and online search engines.
Basis of use
We may request and process personal information about you prior to our engagement and throughout, in order to meet regulatory and legal requirements.
We will require certain personal data in order to properly provide you with advice and/ or assistance through legitimate interest. We will endeavour to set out the purpose for the request in each communication. We will also require personal information for the following reasons:
- To comply with the requirements of Anti Money Laundering legislation; and
- To ensure we address any conflicts of interest
In addition, we may collate information about your visits to and use of this website. This does not identify you individually and relates solely to information such as IP address, browser type, referral source (e.g. social media), length of visit and pages visited. This information is only used as an analytical tool to improve the user experience to our website.
How long do we keep your personal data for?
Personal data (including both client and employee information) will be retained for a period of 11 years. This is considered to be an appropriate and proportionate period in order to enable us to comply with our own legal and professional obligations.
The firm has a legal obligation to ensure that the personal information provided to us is kept accurate and up to date. Please ensure that any update to your personal information is communicated to us in writing in order that we can update our records.
As a data subject you have certain rights. These include the right of access (commonly known as a subject access request); the right to be informed as to how your personal data is gathered and processed (as set out in this privacy notice); the right to amend your details; the right to be forgotten (or erase your details); the right to restrict what we do with your data; the right to transfer data and also to object to processing.
Should you wish to exercise any rights under the applicable data protection legislation (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted or provided to any third party; or to object to any particular processing), you should send the request in the first instance to the firm’s data protection officer (see below for details).
In any case in which a data subject chooses not to provide any personal data or where any of the rights set out above are exercised to limit the processing of personal data Ingram Advocates may be unable to provide relevant services, or there may be a restriction on the services which can be provided.
Ingram Advocates’ data protection officer is Advocate Chris Hillier and he may be contacted by email at firstname.lastname@example.org. or by post at Bourne House, Francis Street, St Helier, JE2 4QE.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
The firm’s IT system is controlled and maintained by a specialist local provider who ensures that the systems are secure and that the correct firewalls, antivirus/malware protections are in place and that emails are scanned for viruses and spam.
Our IT infrastructure is secure and access is only permitted by staff via a secure system or by our IT service providers who are also subject to the same data protection legislation.
Our premises are secure and can only be accessed by those who are authorised to do so. We also ensure any personal data is kept in filing cupboards that can be locked. Our offsite data storage facilities are secure and maintained by a recognised offsite storage provider.
Sharing with third parties
From time to time we may need to share your personal data with third parties but we shall not do so except:
- where we have your express permission;
- where it is required for the services we provide for you;
- where we are required to by law and by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world;
- In the event we may need to instruct debt collection agencies; or
- where it is permitted by law, it is necessary for our legitimate interests or those of a third party, and it is not inconsistent with the purposes listed above.
Data Protection Authority
Should any concerns or complaints remain unresolved by any member of the firm you are entitled to contact the Office of the Information Commissioner at their current postal address of 2nd Floor, 5 Castle St, St Helier, Jersey JE2 3BT.
The Commissioner may be contacted by email at the following address: email@example.com