Phew.co.uk is the online marketing arm of Smart Legal. Phew is committed to protecting the privacy and security of your personal information (collectively referred to as “Smart Legal”, “Phew”, “Phew.co.uk”, “we”, “us” or “our”).
This Privacy Notice (“Notice”) describes how we collect and use personal information about you during and after your relationship with us, in accordance with the General Data Protection Regulation (“GDPR”). This includes whether you become a client of Smart Legal or contact us through one of our different electronic platforms and gives details of what to expect when you interact with Smart Legal online and how and what happens if we collect personal information through these interactions.
It is important that you read this Notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. Please note this Notice does not form part of any contract to provide services you may have with us from time to time.
We reserve the right to amend this Notice at any time without notice to you so, if required, please check to ensure that you are referring to the latest copy of this Notice. We may also notify you in other ways from time to time about the processing of your personal data.
This Notice was last updated on 25 March 2019.
Smart Legal of 6/7 St Mary at Hill, London, EC3R 8EE is a “data controller” for the purposes of the GDPR. This means that we are responsible for deciding how we hold and use personal information about you.
If you have any questions about this Notice or how we handle your personal information, please contact the “Data Protection Officer” at the above address, or alternatively, by email at firstname.lastname@example.org
You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the opportunity to attend to your concerns before you approach the ICO. Therefore, kindly contact us if you have any concerns.
How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed for official purposes.
Generally, we do not rely on consent as a legal basis for processing your personal data and we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. If it becomes necessary to obtain your consent, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of any contract with us that you agree to any request for consent from us and you will be able to withdraw your consent at any time.
Visitors to our websites/apps
Any data that you submit using a form on our websites or applications (e.g. your name, telephone number, email address) will only be held by us for the purpose for which it is needed and for the shortest amount of time required. For example, if you make an enquiry that we are unable to assist you with, your contact form will be deleted. If your enquiry results in you becoming a client of the firm, then your data will be stored as part of your client record and kept in accordance with the requirements relating to client records (in respect of which you will be advised separately on entering a retainer).
We do not currently have a mailing list for you to subscribe to. In any event, your data will not be disclosed to any third parties without your consent or as otherwise allowed by the relevant data protection legislation and will only be used for responding to your query (or purposes associated with that purpose).
People who make a complaint to us
When we receive a complaint from a person we create a file which will contain the details of the person complaining and other relevant details (including details of other people) that are relevant to the complaint. We only use this information for the purposes of investigating and responding to the complaint. We do compile and review statistics showing information about the number of complaints we receive but aside from reports that are provided to our regulators or auditors engaged in quality control of our business, none of these reports are published externally and, if they were, would not include personal information that would enable any individual to be identified.
We will keep personal information contained in complaint files in line with our retention policy for client files. This means that information relating to a complaint will be retained at least six years from closure within our case management system and thereafter disposed of without reverting to you.
Disclosure of personal information
We will only disclose personal data to third parties where permitted to do so by law and in the normal course of our business. There are times where it will not be realistic to get your express permission in connection with each and every disclosure of this nature. If you have any concerns that any of your data has been incorrectly shared, then this should be raised with us through our standard procedures – the Complaints Procedure in respect of clients.
Transfers of data outside the EEA
We may also be required to transfer your personal data outside the EU. The GDPR restricts data transfers to countries outside the EEA in order to ensure that the level of data protection afforded to individuals by the GDPR is not undermined. We transfer personal data originating in one country across borders when we transmit, send, view or access that data in or to a different country.
We may transfer Personal Data outside the EEA if one of the following conditions applies:
- the European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms;
- appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism;
- you have provided explicit consent to the proposed transfer after being informed of any potential risks; or
- the transfer is necessary for one of the other reasons set out in the GDPR including the performance of your contract with us, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.
If you have any questions about the transfer of data outside the EEA, please contact us for further information.
You have a right to access the personal data we hold about you. You may ask us to rectify or erase the personal data we hold about you or to restrict the processing we carry out. You can also object to the way we are processing your personal data or request that we transfer it to a third party.
For a full list of your rights and how these can be exercised, please visit www.ico.org.uk/your-data-matters for further details. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing at Data Protection Officer, Smart Legal, 6/7 St Mary at Hill, London, EC3R 8EE or alternatively, by email at email@example.com
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We publish the website through a third-party platform, WordPress.com. These sites are hosted at WordPress.com, which is run by Automattic Inc. There is a built-in service within the platform which also collects anonymous information about user’s activity on the site, for example the number of users viewing pages on the site and to monitor and report on the effectiveness of the site.