Data Controller: Kitcat & Co Solicitors of 28A Avenue Road, Malvern, WR14 3BG and the Data Protection Manager is David Kitcat (email@example.com).
Under the terms of data protection legislation, there are six grounds which justify data processing, namely
- consent of the data subject
- performance of a contract
- compliance with a legal obligation imposed on us
- vital interests of the data subject
- legitimate interests of the data controller or another person
- public interest
At least one of these grounds will always apply to any personal data we process.
The normal justification for us processing your data will be to enable us to perform our contract with you. You will receive more detailed information at the outset of your matter.
We may hold data in relation to other parties connected with our clients’ matters. This will usually be justified by the legitimate interests of our clients and will be restricted to data which is relevant to the work we are doing.
Data on suppliers may be held to enable us to fulfil our contracts with our suppliers and also, with the consent of suppliers, in order to instruct them on behalf of our clients when appropriate.
Rights of Data Subjects
Under data protection legislation, data subjects have the following rights:
- a right of access to the personal data that we hold about you including the right to ask us to provide a copy of any of it (however please note, in the case of third parties, this information may be subject to legal privilege and exempt from disclosure)
- the right to ask for your personal data to be destroyed (though not the automatic right to have it destroyed)
- the right to object to the processing of your personal data
- the right to withdraw your consent for the processing of personal data you have previously consented to
- the right to complain to the Information Commissioner
In addition, for your protection, we must abide by the data protection principles which are
- to process your personal data lawfully, fairly and in a manner that is transparent to you
- your personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
- your personal data must be adequate, relevant and limited to that which is necessary in relation to the purposes for which it is processed
- the personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
- personal data must be kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data is processed
- personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures