Higgins & Co Lawyers Limited fully endorses and adheres to the provisions of GDPR. Employees and others who obtain, handle, process, transport and store personal data for the firm must comply with GDPR, and adhere to Article 5 ‘Principles relating to the processing of data’.
1. Personal data shall be:
a. Processed fairly and lawfully and in a transparent manner in relation to the data subject.
b. Collected for a specific, explicit and legitimate purpose and not further processed in a manner that is incompatible with those purposes.
c. Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
d. Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without undue delay.
e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (integrity and confidentiality).
2. The business shall be responsible for the above and able to demonstrate compliance with 1.a to 1.f above.
Satisfaction of Article 5 Principles Relating to the Processing of Data.
Higgins & Co Lawyers Limited shall:
● Observe fully Articles 1.a to 1.f regarding the fair collection and use of personal data;
● Meet its obligation by the purposes for which personal data is used;
● Collect and process appropriate personal data only to the extent that it is needed to fulfil operational and legal requirements;
● Ensure the quality of personal data used;
● Apply strict checks to determine the length of time personal data is retained;
● Ensure that the rights of individuals about whom the personal data is held can be fully exercised under GDPR;
● Take the appropriate technical and organisational security measures to safeguard personal data; and
● Ensure that personal data is not transferred abroad without suitable safeguards.
We only collect data as necessary to carry out lawful processing as detailed in our table of legal basis for processing at the end of this Data Protection Policy.
Information Compliance Manager
The Information Compliance Manager for Higgins & Co Lawyers Limited is responsible for compliance with GDPR and implementation of this policy on behalf of the firm. The Information Compliance Manager is Paul Higgins. Any questions or concerns about the interpretation or operation of this policy should be taken up in the first instance with the Information Compliance Manager.
Status of the Policy
Any breach of this policy will be taken seriously and may result in disciplinary action. Any employee who considers that the policy has not been followed in respect of personal data about themselves should raise the matter with their manager or the firm’s Information Compliance Manager.
If, as part of their responsibilities, employees collect personal data (e.g. about clients or about employees), they must comply with this policy. All employees are responsible for:
● Checking that any personal data which they provide to Higgins & Co Lawyers Limited is accurate and up to date;
● Informing Higgins & Co Lawyers Limited of any changes to information which they have provided e.g. changes of address;
● Checking any information that Higgins & Co Lawyers Limited may send out from time to time, giving details of information that is being kept and processed.
The need to ensure that personal data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restricted. All staff are responsible for ensuring that:
● Any personal data which they hold is kept securely;
● Personal data should not be disclosed either orally or in writing or otherwise to any unauthorised third party.
Rights to access information
Employees and other subjects of personal data held by Higgins & Co Lawyers Limited have the right to access any personal data that is being kept about them on computer and also have access to paper-based data held in certain manual filing systems. Any person who wishes to exercise this right should make the request in writing to the firm’s Information Compliance Manager.
Higgins & Co Lawyers Limited reserves the right to charge the maximum fee payable for each subject access request up to 25th May 2018; thereafter all requests will be provided without charge unless a request is determined to be either unreasonable or excessive.
If personal details are inaccurate they can be amended upon request.
Higgins & Co Lawyers Limited aims to comply with requests for access to personal information as quickly as possible and within 40 days of receipt of a completed request up to 25th May 2018; thereafter within 30 days unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request.
All individuals who are the subject of personal data held by Higgins & Co Lawyers Limited are entitled to:
● Obtain a copy of information held about them and why;
● Ask how to gain access to it;
● Be informed how to keep it up to date; and
● Be informed about how we comply with our obligations under GDPR.
The need to process data for specified purposes should be communicated to all data subjects and is further available in the table provided below. If we intend to market to data subjects in the future we will only do so where we have ‘provable consent’ acquired by way of either a verbal recorded agreement or a preference opt-in from our website form. Consent will be specific to marketing to individuals about mis-sold pensions, investments, SIPPs and other similar investment products.
If an individual could not reasonably foresee how their data will be used it is important that further information be supplied to the individual concerned. Care should be taken not to collect personal data of which the individual is unaware.
Consent must be obtained if the purpose changes. In some cases, if the data is sensitive, for example information about health, race or gender, express consent to process the data must be obtained. Processing may be necessary by way of legitimate interest, for example to operate Higgins & Co Lawyers Limited’s policies such as health and safety and equal opportunities.
Retention of Data
Higgins & Co Lawyers Limited will keep some forms of information for longer than others. All staff are responsible for ensuring that information is not kept for longer than necessary.
Quality of Data
Personal data should be adequate, relevant and not excessive in relation to the purpose or purposes for which the data is processed. Data should be kept to the minimum necessary to meet the stated purpose. Personal data should also be adequate and up to date.
LEGAL BASIS FOR PROCESSING TABLE – Higgins & Co Lawyers Limited