Privacy Notice

Privacy Notice

Privacy Policy Icon

Privacy Notice for Clients of Graham & Rosen Solicitors   

What does this document do?

This Privacy Notice describes how personal data we collect from our clients will be collected, stored and processed. It also explains your privacy choices when using our website as well as your right to access your information under the Data Protection Act (DPA) 1998 up to 24 May 2018 and the General Data Protection Regulation (GDPR) on and from 25 May 2018 (Data Protection Legislation)

Graham & Rosen Limited is a company registered in England and Wales with company number company no. 07807656, whose registered office is situate at 8 Parliament Street, Hull, HU1 2BB (Graham & Rosen). For the purposes of the Data Protection Legislation Graham & Rosen is the data controller. 

What information do we hold?

To operate efficiently, Graham & Rosen has to collect and use information about people. This may include current, past and prospective employees, clients, customers and suppliers. In addition, we may be required to collect and use information to comply with regulatory requirements. This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this.

We will never sell your data.

The Company regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining the confidence of clients, and we will ensure that we treat personal information lawfully and correctly. 

Why do we need to collect personal information?

Where you have instructed us to carry out work on your behalf, we must obtain necessary personal data to do that work. You have the right to refuse to provide that data, if you do so we may not be able to proceed with the transaction.

Under Data Protection Legislation we may collect personal data:

  • To fulfill a contract we have with you, or

  • When it is our legal duty, or

  • When you consent to it, or

  • When it is in our legitimate interest (provided it does not unfairly go against what is right and best for you. If we rely on our legitimate interest, we will tell you what that is.)

What will we use your personal data for?

We will use your personal data:

  • To manage our relationship with you or your business

  • To carry out your instructions

  • To manage risk for us

  • To obey laws and regulations that apply to us

  • To respond to complaints and seek to resolve them

  • To run our business in an efficient and proper way including managing our financial position, business capability, planning, communications, corporate governance, and audit.

  • To exercise our rights as set out in agreements or contracts

How will we process your personal data?

We will do so in accordance with the Data Protection Legislation and shall ensure that your personal data:

  • Shall be processed fairly and lawfully and in particular shall not be processed unless specific conditions are met

  • Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes

  • Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which is it processed

  • Shall be accurate and where necessary, kept up to date

  • Shall not be kept for longer than is necessary for that purpose or those purposes

  • Shall be processed in accordance with the right of data subjects under the Act

  • Shall be kept secure and protected by an appropriate degree of security

  • Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection

We do not use any form of automated decision making process to make decisions about you.

Your rights under the Data Protection Legislation.

You have the following rights:-

  • The right to be informed that processing is being undertaken

  • The right of access to one’s personal information within the statutory one-month period

  • The right to prevent processing in certain circumstances

  • The right to correct, rectify, block or erase information regarded as wrong information

  • The right to be forgotten or to have your personal data erased subject to Clause 6 below

In addition, we will ensure that:

  • There is someone with specific responsibility for data protection in the organisation

  • Everyone managing and handling personal information understands that they are responsible for following good data protection practice

  • Everyone managing and handling personal information is appropriately trained to do so

  • Everyone managing and handling personal information is appropriately supervised

  • Anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public, knows what to do

  • Queries about handling personal information are promptly and courteously dealt with

  • Methods of handling personal information are regularly assessed and evaluated

  • Performance with handling personal information is regularly assessed and evaluated

  • Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures

Who we might share your personal information with

We may need to provide your personal data to third parties for the following purposes:- 

  • If it is necessary for the completion of the work that you have asked us to carry out, eg we may instruct a Barrister or provide your information to the Land Registry

  • To other parties where it is necessary for the administration of our business, eg to a costs draftsman in the case of Legal Aid or Personal Injury work, or to companies to whom we outsource administrative and support tasks

  • Where we need to do so to comply with our regulatory and legal obligations

  • For prevention of fraud and money laundering

Where appropriate, all contractors who are users of personal information supplied by Graham & Rosen will be required to confirm that they will abide by the requirements of the Data Protection Legislation with regard to information supplied to them by us.

Sharing your Information with Fraud Prevention Agencies

To comply with the law and for our own legitimate interest to enable us to assess and manage risk, we can share details about your financial situation and financial history, and the financial situation and history of individuals connected to your business with fraud prevention agencies.

We’ll carry out checks with fraud prevention agencies for the purposes of preventing fraud and money laundering, and to verify your identity and the identity of individuals connected to your business before we provide services to you. These checks require us and these agencies to process information about you and individuals connected to your business.

The information you provide or which we’ve collected from you, or on your behalf, including from individuals connected to your business or received from third parties, will be used to carry out these checks in order to prevent fraud and money laundering, and to verify your identity and the identity of individuals connected to your business. This includes information such as name, address, date of birth, contact details, financial information and employment details.

We and fraud prevention agencies may also enable law enforcement agencies to access and use information about you and individuals connected to your business to detect, investigate and prevent crime.

We process this information on the basis that we have a legitimate interest in preventing fraud and money laundering and to verify your identity and the identity of individuals connected to your business. This enables us to protect our business and to comply with laws that apply to us.

Fraud prevention agencies can hold information for different periods of time. If they’re concerned about a possible fraud or money laundering risk this information and data can be held by them for up to six years

How long will we keep your personal information?

We will keep your personal information for a minimum of 7 years after the end of your case.

This period may be longer depending upon the type of matter. The person responsible for your case will inform you of the relevant retention period for your matter.

We may retain this data for one of these reasons:-

  • To respond to any questions or complaints

  • To show that we treated you fairly

  • To maintain records according to rules that apply to us

  • To comply with our regulatory obligations to act in your interests

  • To protect our own legitimate interests

We will retain your name, address, date of birth, email and other contact details indefinitely. This is because we need this information to carry out conflict of interest checks in compliance with our regulatory obligations. We will not use this information to contact you unless you have specifically given us authorisation to do so, or unless we have a legal obligation.

We will always make sure that your privacy is protected and only use your personal data for one of the purposes listed above.

What if your personal information is incorrect?

You’re responsible for making sure the information you give us is accurate and up to date and you must tell us if anything changes as soon as possible.

You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it.

What if you want us to stop using your personal information?

You have the right to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it.

There may be legal or other official reasons why we need to keep or use your data, but please tell us if you think that we should not be using it. We may be able to restrict the use of your data meaning that it can only be used for certain things, such as legal claims or to exercise legal rights.

What to do if you have any questions of complaints

Questions or requests in connection with this Policy should be addressed by email to [email protected] or by writing to Mr I Boyle, Graham & Rosen, 8 Parliament Street, Hull, HU1 2BB

If you are unhappy with the way in which we treat your data or we do not resolve any concerns with you then you have a right to complain to the Information Commissioner’s Office.


accreditations logos