1.1 We are committed to safeguarding the privacy of our website visitors, according to the UK Data Protection Act 2018.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.
1.3 Our website incorporates privacy controls which affect how we will process your personal data.
1.5 In this policy, “we”, “us” and “our” refer to CommLaws Law Firm.
2. The personal data that we collect
2.1 We may process data enabling us to get in touch with you (“contact data”). The contact data may include your name, email address, and your telephone number
2.2 We may process information contained in or relating to any communication that you send to us or that we send to you (“communication data”). The communication data may include [the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms.
3. Purposes of processing and legal bases
3.1 We may process contact data, and/or communication data for the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and complaint handling. The legal basis for this processing is our legitimate interests, namely communications with our website visitors, as well as the KYC obligation as required by Solicitors Regulation Authority (SRA).
3.2 We may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is our legitimate interests, namely the protection of our website, services and business, and the protection of others as well as the code of conduct and KYC policy as SRA demands.
3.3 We may also process your personal data where such processing is necessary for compliance with legal obligations contained in the SRA Code of Conduct and SRA KYC Policy Guidelines.
4. Retaining and deleting personal data
4.1 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
4.2 Contact data will be retained for a maximum period of 6 months, following the date of the most recent contact between you and us.
4.3 Communication data will be retained for a maximum period of 6 months, following the date of the most recent contact between you and us.
4.4 Notwithstanding the other provisions of this Section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. Your rights
5.1 Your principal rights under data protection law are:
(a) the right to access – you can ask for copies of your personal data;
(b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
(c) the right to erasure – you can ask us to erase your personal data;
(d) the right to restrict processing – you can ask us to restrict the processing of your personal data;
(e) the right to object to processing – you can object to the processing of your personal data;
(f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;
(g) the right to complain to a supervisory authority – you can complain about our processing of your personal data; and
(h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.