Privacy
Last Updated March, 2023
At Wright & Wright your privacy is important to us. As such we have produced this policy to explain how we gather, store, use and transfer your personal data whether via our website, when you apply to use our services, when you attend any of our events, when you contact us via email, social media, post or phone, or when you apply for a position within the practice and/or become employed by us.
This policy also provides you with assurance that we are complying with law, in particular the General Data Protection Regulation (GDPR) principles, and informs you about your rights. Wright & Wright is committed to protecting the privacy and security of your personal information.
Wright & Wright is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
Personal Data
Personal data, or personal information, is information (name, email address, contact details, website statistics, and opinions) about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data). Individuals are sometimes referred to as data subjects.
Responsibilities
Wright & Wright is the controller of the personal data we collect (referred to as ‘we’, ‘us’ or ‘our’ in this policy). We are responsible for ensuring our systems, processes, suppliers and people comply with data protection laws in relation to the information we handle.
We comply with data protection law. This says that the personal information we hold about you is always:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant and limited to the purposes we have told you about.
- Accurate and kept up to date.
- Kept only as long as necessary for the outlined purposes.
- Kept securely.
All employees must follow this policy when handling personal data. Any breach is taken seriously and will result in disciplinary action.
Helen Hancock, Office Manager at Wright & Wright, has been appointed in collaboration with legal counsel to oversee compliance with data protection laws and our policy and respond to any questions in relation to this policy or requests to exercise your legal rights.
Helen Hancock
Office Manager
55 Leroy Street, London SE1 4SN
+44 (020) 7254 6294
ww@wrightandwright.co.uk
Data Collection
We only collect information that is necessary to carry out our business, provide the particular service(s) you’ve requested and keep you informed. There is always the option to not provide your information, though this may impact the ability for us to carry out our business with you or the level of personalisation in communications.
Below outlines the types of personal data we may collect, use, store and transfer. Most of this data has been provided directly to us by you.
- Identity data which includes first name, last name, title, company, and title.
- Contact data which includes work address, email address and telephone numbers.
- Transaction data which includes details about payments from you and other services you have purchased from us.
- Profile data which includes use of our services and your interest, preferences, feedback and survey responses.
- Technical data which includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating systems and platform and other technology on the devices you use to access our website.
- Usage data which includes information about how you use our website and services.
- Marketing and Communications data which includes your preferences in receiving marketing from us and our third parties and your communication preferences.
In addition to the above, we may collect Aggregate Data which is statistical or demographic data for any purpose. This type of data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate information you provide on applying for a job with us in order to monitor recruitment statistics and inform our recruitment practices in the future. Should this data be combined with your personal data it can directly or indirectly identify you and will be used in accordance with this privacy policy.
We recognise the importance and concerns individuals have with regard to their personal data. In line with General Data Protection Regulations, the methods by which we collect data include:
- Direct interaction where you have given clear consent that we may process your personal data for a specific purpose. For example, filling in a form, corresponding by post, email, phone and social media platforms, entering into a contractual or legal obligation.
- Relating to clients and other contacts.
- Relating to providing our services.
- Relating to applying for a job or work placement.
- Relating to registering for marketing material, subscribing to a newsletter or attending an event.
- Relating to entering competitions, promotions or surveys.
- Relating to providing feedback or reviews.
- The collection of cookies to support essential functionality and gather some insight on how our website is used. These cookies are not used to transport personal data to third parties. Vimeo cookies are set on pages with a Vimeo video embed, and Vimeo embeds include the DNT (“do not track”) parameter.
- Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
- Google Analytics collect and assess Aggregated Data such as statistical or demographic data for marketing purposes: to recognise and count the number of visitors, and to monitor website navigation. This helps us optimise website performance and improve how users and search engines find our content.
How we use personal data
Please feel confident that we will only use personal data when the law allows us:
- Where you have given clear consent personal data may be processed for a specific purpose.
- Where we need to comply with contractual, legal and regulatory obligations.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where it is necessary to protect an individual’s vital interests.
- We have outlined below all the ways in which we may use your personal data. Please note that we may use data for more than one lawful purpose where we reasonably consider that we need to, and it is compatible with the original purpose.
- To register you as a new client, supplier, job applicant, employee or work placement.
- To process payments and deliver/receive services to/from you.
- To enable us to meet our contractual and legal obligations.
- To send relevant communications.
- To enable you to take part in a survey.
- To administer and protect our business and our website.
- To deliver relevant website content, including news articles, and measure or understand the effectiveness of the content we serve you.
- To use data analytics to improve our website, products/services, and marketing.
We may use your personal data to form a view on what you think you may want or need, or what may be of interest to you. This is how we decide what products, services and offers may be relevant for you. You will only receive such marketing communication from us if you have requested it from us or purchased services from us and, in each case, you have not opted out of receiving such material.
Storing and protecting personal data
We have put in place appropriate measures to secure personal data and protect it from accidental loss, used or accessed in an unauthorised way, disclosed or altered. In addition, in recognition that data security is a key element of data protection, we have Cyber Security Essentials Plus Certification and it is a requirement that all our people comply with this policy and our GDP and IT Security Policy, and that all third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We use appropriate technological measures to transmit large or sensitive documents or data to clients and other third parties. However, we cannot be held responsible for the security of correspondence sent by email, post or courier.
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements, in line with the UK Records Management and Retention and Disposal Policy. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your data protection rights
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
Should you wish to make a request in line with your rights as an individual, please forward the request in writing or by email to Helen Hancock, Office Manager, h.hancock@wrightandwright.co.uk
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You can ask us or third parties to stop sending you marketing messages any time by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of the service.
You can also set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.
All employees at Wright & Wright must also inform Helen Hancock, Office Manager, acting on behalf of Wright & Wright (the Data Controller) immediately if they receive a compliant relating to how the practice has processed personal data of a third party so the practice’s complaints procedure may be followed.
Changes to this policy
We may update this policy from time to time to reflect, for example, changes to our practice or for other operational, legal or regulatory reasons. Any changes will be re-issued to our website as well as to all staff to ensure that the information available is correct at all times. It is your responsibility to ensure that you check this policy regularly are aware of any changes to its terms.
At Wright & Wright your privacy is important to us. As such we have produced this policy to explain how we gather, store, use and transfer your personal data whether via our website, when you apply to use our services, when you attend any of our events, when you contact us via email, social media, post or phone, or when you apply for a position within the practice and/or become employed by us.
This policy also provides you with assurance that we are complying with law, in particular the General Data Protection Regulation (GDPR) principles and informs you about your rights.