Privacy & Cookie Policy
Introduction
We are committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR), UK Data Protection Act 2018, Privacy and Electronic Communications Regulations (PECR), Solicitors Regulation Authority (SRA) Standards and Regulations, Social Media and WhatsApp Business Requirements. This policy outlines how we collect, use, store, and protect personal data, including data collected via our website or how you communicate with us through platforms such as WhatsApp and Social Media.
Legal Basis for Processing
In certain circumstances, Driscoll Kingston & Co may process special category data (such as health information or criminal records) and legally privileged information. When handling such data, we ensure compliance with the UK GDPR and the Data Protection Act 2018 by relying on an appropriate lawful basis under Article 6 and, where required, additional conditions under Article 9.
For legally privileged information, processing is conducted in accordance with our professional obligations, including solicitor-client confidentiality. Special category data is processed only where necessary for legal claims, substantial public interest, or with explicit consent.
Driscoll Kingston & Co is fully compliant with the Solicitors Regulation Authority (SRA) Code of Conduct for Firms, including:
- Principle 6 – Confidentiality and Information Security: We safeguard client data and ensure it is not misused or improperly disclosed.
- SRA Code of Conduct for Solicitors, RELs, and RFLs: We maintain strict confidentiality, using only secure systems to handle legally privileged information.
We process personal data based on the following lawful grounds under Article 6 of the GDPR:
- Consent: When you explicitly agree to receive communications or provide information.
- Contractual Necessity: When processing is necessary for the performance of a contract.
- Legal Obligations: When required to comply with legal or regulatory duties.
- Legitimate Interests: When processing is necessary for our business functions, provided it does not override your rights.
What Information We Collect
We may collect the following information:
- Name, contact details (email, phone number, address).
- Geographical location.
- Information provided via website forms, email inquiries, WhatsApp and social media interactions.
- Technical data (e.g., IP address, browser type) via cookies.
How We Use Your Data
Client data is handled separately from any marketing or analytics data to comply with regulatory obligations and maintain solicitor-client privilege. We do not use client data for advertising or targeted marketing. All personal and legally privileged data is processed strictly for legal purposes in accordance with the UK GDPR and the SRA Code of Conduct. We use your data to:
- Provide legal services and manage client relationships.
- Respond to enquiries and process requests.
- Improve website functionality and enhance user experience.
- Comply with legal obligations and regulatory requirements.
Data Security & Retention
We implement encryption, access controls, and secure storage to protect personal data, this includes:
- Encryption of sensitive information.
- Multi-factor otherwise known as 2 factor authentication (2MFA).
- Secure data storage solutions.
- Regular staff audits training.
Data is retained only for as long as necessary in line with our Data Retention Policy. Client data is typically retained for 6 years post-engagement and then archived, in compliance with Law Society recommendations and regulatory requirements, unless a longer period is required.
All information you provide to us is protected by solicitor-client confidentiality and legal professional privilege, meaning it will not be disclosed to third parties without your express consent, unless required by law or regulatory obligations.
Third-Party Data Processing
We may use third-party service providers (e.g., Google Analytics, Stripe, Complianz), regulatory bodies when required by law or our regulator, Meta for communication purposes to process data, all of whom are contractually obligated to comply with GDPR and to facilitate our legal services. This includes:
- Communication Platforms: We may use encrypted messaging services such as WhatsApp for client communications where appropriate.
- Customer Relationship Management (CRM) Systems: Client data may be stored in secure CRM systems to manage our legal services efficiently.
- Cloud Storage Providers: We use reputable cloud storage solutions that comply with UK GDPR and maintain strict security measures to protect your data.
No data is shared for direct marketing without explicit consent and data transfers outside the UK/EU comply with Standard Contractual Clauses (SCCs) or equivalent safeguards.
Cookies Policy
Our website uses cookies, including those from third-party services, to enhance functionality and improve user experience. Some third-party providers may track user activity across different websites. These include:
- Analytics Providers: We use tools such as Google Analytics to understand how users interact with our site.
- Embedded Services: Our site may include content from third-party platforms that set tracking cookies.
- Essential Cookies: Required for website operation.
- Analytics Cookies: Track user behaviour (requires consent).
- Marketing Cookies: Used for targeted advertising (requires consent).
WhatsApp Business Communications
If you contact us via WhatsApp Business, please note:
- Conversations may be processed by Meta and stored for security purposes.
- Messages are end-to-end encrypted, but we recommend avoiding sensitive data exchanges.
- By messaging us, you consent to data processing in line with this policy.
- We do not knowingly share client data with WhatsApp for marketing purposes. However, WhatsApp processes some data for service improvements, and Meta may use anonymised data to enhance its AI models. If you have concerns, we recommend using alternative communication methods.
Processing by Meta
Messages sent via WhatsApp may be processed by Meta, including metadata collection. While messages are end-to-end encrypted, clients should be aware that WhatsApp retains some data, including contact details and timestamps.
Confidentiality & Security
We use WhatsApp only when appropriate for client communications. Clients should avoid sharing highly sensitive information over WhatsApp and instead use our secure communication channels.
Opt-in Consent
Clients must explicitly opt-in before WhatsApp is used for communication. By agreeing to WhatsApp communications, you acknowledge and accept Meta's terms and data policies.
Your Data Rights
You have the following rights under GDPR:
- Right to Access: Request copies of your personal data.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure: Request deletion of your data.
- Right to Restrict Processing: Limit how your data is used.
- Right to Data Portability: Request transfer of your data to another entity.
- Right to Object: Challenge processing based on legitimate interests.
To exercise these rights, contact our Data Protection Officer (DPO) via the details below.
Data Breach Procedures
| Detection and Containment | Immediate action to stop further unauthorized access. |
| Assessment | Analysis of the data affected and potential risks. |
| Notification | If required, we will notify the Information Commissioner's Office (ICO) within 72 hours and affected individuals without undue delay. |
| Remediation | Implement corrective measures to prevent recurrence. |
| Documentation | Maintain a record of all breaches and remedial actions. |
Contact Information
Driscoll Kingston & Co Ltd
Address: 1st Floor, 5 St. Paul's Square, Liverpool, L3 9SJ, UK
Email: info@driscollkingston.co.uk
Phone: 0151 236 6093
Policy Review
We may update this policy periodically and we will do so revised in line with national policy and legislative changes. Any significant changes will be communicated via our website or email notifications.
Dated: 28/02/2025 | Version: 2