Data Protection Privacy Notice
Data Protection Privacy Notice
1. This data protection privacy notice relates to the business of Michael Christopher Handforth as a Notary Public trading from the office of Lovedays, Solicitors, Crown Chambers, 6 Bank Road, Matlock Derbyshire DE4 3AQ. The business is registered with the Information Commissioner’s Office [“ICO”] under number ZA052390.
2. If you have any questions about this privacy notice please contact me by email: firstname.lastname@example.org
3. The business will process your and third parties’ personal data, as explained below in the course of providing you with notarial services including access to the firm’s website.4.
4. I will let you know by posting on the website or by email or letter if any changes are made to this notice from time to time. Your continued use of the business after informing you of such changes will amount to your acknowledgement and acceptance.
5. If you breach any of the warranties set out at paragraph 8 below, you will and you hereby agree to indemnify the business and its employees or agents from and against any claims, losses, demands, liabilities and financial penalties including legal costs arising from such breach.
6. Personal data is any information relating to an identified or identifiable person [known as a “data subject”]. It may include their name, address, email address, phone number, IP address, location data, cookies and similar information. It may also include special categories of personal data such as racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data for the purpose of uniquely identifying a data subject or information concerning health or person's sex life or sexual orientation.
7. The business may process personal data and special categories of personal data which you provide about yourself or other data subjects e.g. individuals whose details are included in any in material provided by you to the business. The business may obtain information about you and other data subjects from third parties such as due diligence platforms. If you use online services offered by the business, information about you may be collected about your devices including clickstream data.
8. The provision of certain personal data is necessary in order for the business to comply with mandatory client due diligence requirements and in order to provide you with services. You warrant on a continuing basis that such personal data is accurate, complete, truthful and up to date. Failure by you to comply with this requirement may result in documents being rejected or financial or other penalties being imposed by the relevant certification authorities or being held to be invalid in the destination country or it may cause other difficulty in completing a transaction in which you have involved the business.
9. In relation to the personal data of data subjects you additionally warrant to the business that (a) where applicable, you are authorised to share such personal data with the business and that wherever another data subject is referred to, you have obtained the explicit and demonstrable consent from all relevant data subjects to the inclusion and use of any personal data concerning them (b) to the extent that this is required in connection with the services, that such personal data is accurate, complete, truthful and up to date and (c) either you provide your explicit consent and warrant that each data subject has provided explicit consent for the transfer of personal data to foreign organisations in connection with the services as set out at paragraph 18 below or that an alternative legal gateway for such transfer (such as transfer necessary for the conclusion or performance of a contract in the interest of the data subject) has been satisfied.
10. Use of personal data. The business will only process personal data in accordance with applicable law for the following purposes: (a) responding to your enquiries (b) providing the services agreed (c) enabling suppliers and service providers to carry out functions on behalf of the business in order to provide services (d) ensuring the security of the business and preventing or detecting fraud or dishonesty (e) administering the business including complaints resolution (f) developing and improving the provision of services (g) complying with legal requirements including the Notary Practice Rules or guidelines and regulations or in response to a request from a Court or regulatory body. The legal basis for processing personal data for the above purposes will include (a) that which is necessary to fulfil a contract between the business and you or other data subjects (b) where you give your consent (c) where processing is necessary for the purposes of the legitimate interests of the business or a third party so as to ensure the services are properly provided or (d) where processing is necessary in order to comply with a legal obligation placed upon the business
11. Disclosure of personal data. Circumstances may arise where the business wishes or is required to disclose your personal data to third parties. This could involve disclosure to: (a) subsidiaries or associated offices and the employees working there (b) suppliers or service providers to enable or assist with the provision of services including couriers, translators, IT consultants, legalization, handling agents, identity verification organisations, and consultants (c) public authorities where the business is required by law to do so or in order to carry out necessary acts ancillary to the provision of services such as officials and staff at the Foreign and Commonwealth Office (d) foreign organisations such as Embassies, Consulates and High Commissions for the same purposes (e) professional organisations exercising control over notaries such as the Faculty Office (f) successors or partners to the business. [In the case of merger or sale of the business your personal data will be permanently transferred to the successor business] and (g) any other third party where you have given your consent.
12. International transfer of your personal data. The business may transfer your personal data to third parties in countries other than the country in which it was originally created or collected for further processing for the purposes set out above. In particular it may be transferred to foreign organisations such as foreign embassies in the UK or abroad. Such organisations will process personal data in accordance with the laws or international treaties to which they are subject over which the business has no control.
13. If the business transfers personal data to foreign organisations, it will ensure your privacy rights are adequately protected.
14. Retention of personal data. Your personal data will be retained for as long as is reasonably necessary for the purposes set out above or as required by UK law. The Notaries Practice Rules require that public form notarial acts shall be kept permanently. Private form acts have to be kept for a minimum of 12 years. Personal data may be stored electronically as well as in paper form.
15. Security of personal data. The business will implement security measures to prevent unauthorised access to your personal data. However please be aware that the sending of information via the internet is never completely secure. The business will do all that is reasonable to keep its systems secure but security cannot be guaranteed for example when you send confidential material to us by post or by email.
16. Data subject rights. Data subjects have numerous rights as regards their personal data. For further information please visit the ICO website at www.ico.org.uk. [Tel: 0303-1231113] These rights include :
(a) the right to make a subject access request [SAR] in writing for copies of their personal data retained by the business subject to certain limitations and exemptions and the rights of other data subjects. Each request should state that a SAR is being made. You may be required to provide proof of your identity and payment
(b) the right to request that inaccurate or incomplete personal data be rectified
(c) the right to withdraw consent to the processing of their personal data by the business if previous consent has been given
(d) the right to object to processing including automated processing and profiling
(e) the right to erasure or to request restriction. Data subjects may request that the business shall delete or erase some or all of their personal data. Upon receipt of such a request the business will comply unless there is a lawful reason or legal duty not to do so, such as archiving obligations that must be observed
(f) the right to data portability. In certain circumstances a data subject may request the controller to provide a copy of their personal data in a structured format and have it transferred to another provider of the same or similar services. The business will comply with such a request but please note that transfer to another provider does not imply the erasure of the data subject’s personal data held by the business which may still be required by the business for legitimate or lawful record keeping purposes
(g) the right to lodge a complaint with the supervising authority. If data subjects have any concerns or complaints about the way that their personal data is managed by the business they should make a written representation to the business first and if still not satisfied by the answer, then to the supervising authority directly
First Edition: November 2017