Data Privacy Notice

Homestead Legal Ltd

Introduction

A copy of this Data Privacy Notice is provided to all new clients and made available via our website. This Notice applies to clients (current and former), website users, and others whose data we may process in the course of providing legal services. Please read this Notice carefully to understand how and why we process your personal data and your rights in relation to it. We update this Notice from time to time; please refer to our website for the latest version.

Defined Terms

Definitions used in this Notice follow those set out in the UK GDPR, Data Protection Act 2018, and related guidance. Key definitions include:

  • Personal Data: Any information relating to an identifiable individual.
  • Special Category Data: Sensitive information such as health, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetics, biometrics, or sexual orientation.
  • Data Controller: The organisation determining the purpose and means of processing personal data.
  • Data Subject: The individual whose data is processed.
  • Data Protection Officer (DPO): The individual responsible for overseeing data protection compliance.

Scope

This Notice applies to all personal data processed by our firm in the course of providing legal services and operating our business, including client matters, employee data, and supplier data.

Policy Statement

Our firm is committed to compliance with the UK GDPR and Data Protection Act 2018. We act as Data Controller for data processed in our own business and when providing services to you. We will:

  • Process data lawfully, fairly and transparently
  • Collect data for specific, legitimate purposes
  • Keep data accurate and up to date
  • Store data securely and only as long as necessary
  • Respect your rights as a data subject

How We Collect and Use Your Personal Data

We may collect and use a range of personal data including:

  • Identification and contact details (name, gender, pronoun preference, date of birth, address, email, telephone)
  • Financial and transaction data (including income and expenditure, salary, occupation, details about payments to and from you and details of products and services you have purchased)
  • Credit history and credit reference information
  • Health information (such as medical records or health conditions)
  • Criminal records data (including driving or other convictions)
  • Details relevant to the matter we are handling
  • Employment, education, and family details where relevant
  • Health or other special category data where required
  • Technical data (e.g., website usage, IP address)
  • Audio recordings (eg calls)
  • Records of meetings and decisions
  • Information relating to compliments or complaints

We will only use your data for the purposes set out in this Notice.

Special Category and Criminal Offence Data

We may process special category or criminal offence data where necessary, including:

  • With your explicit consent
  • To carry out our legal obligations or defend legal claims
  • Where necessary for public interest or as required by law

Appropriate safeguards are in place to protect this information.

Failure to Provide Personal Data

If you fail to provide necessary personal data, we may be unable to provide services or fulfil our legal obligations. You will be notified if this is the case.

Methods of Collection

Personal data is collected:

  • Directly from you (e.g., in correspondence, forms, meetings)
  • From third parties (e.g., credit agencies, government authorities, counterparties)
  • Through use of our website or digital services

Purposes and Legal Bases for Processing

We process your data in accordance with lawful bases including:

  • Performance of contract (provision of legal services)
  • Compliance with legal and regulatory obligations
  • Our legitimate interests (business operations, improving services, defending claims)
  • Consent (where required, e.g., for certain marketing)

We may process data for additional compatible purposes or notify you if purposes change.

Marketing

We may contact you with information about our services where permitted. You may opt out of marketing at any time via the contact details provided.

Third-Party Websites

Our website may contain links to other websites. We are not responsible for the privacy policies of those sites; please check their notices.

Change of Purpose

We will only use your data for the purposes for which it was collected unless we reasonably consider there is a compatible lawful basis for further use. You will be notified of any significant changes.

Automated Decision-Making

We do not routinely make significant decisions about you using automated means. If this changes, you will be notified and may be entitled to request a review by a human.

Sharing Your Data

We may share your personal data with:

  • Other legal and financial professionals, experts, and third parties as required to carry out your instructions
  • Service providers (IT, case management system, archiving, administrative)
  • Regulatory authorities (e.g., SRA, HMRC, ICO)
  • Auditors and professional advisers
  • Other parties with your consent or as required by law

All third parties are required to respect the security of your data.

International Transfers

If your data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place.

Data Security

We take steps to protect your data, including:

  • Physical and electronic security measures
  • Restricted access to personal data
  • Regular staff training and security reviews
  • Procedures for dealing with suspected data breaches

You will be notified of any significant security breaches as required by law.

Data Retention

We retain your data only as long as necessary for the purposes collected, or as required by law and regulatory rules. Data may be anonymised or securely deleted thereafter.

We usually keep personal data in client files for 6 years after a matter is concluded, unless there is a valid reason to retain it for longer.

You may request the deletion of your personal data in certain circumstances. We may also anonymise data for research or statistical purposes, in which case it will no longer be linked to you.

Your Data Rights

You have rights under the UK GDPR including:

  • Right to access your data
  • Right to correction of inaccurate data
  • Right to deletion (in certain circumstances)
  • Right to restrict or object to processing
  • Right to data portability (where applicable)
  • Right to withdraw consent (where relied upon)

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

  • Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification – You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure – You have the right to ask us to delete your personal information.
  • Your right to restriction of processing – You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing – You have the right to object to the processing of your personal data.
  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

To exercise your rights, contact our Data Protection Officer (see below).

19. Data Protection Officer

If you have any questions or concerns about how we handle your data, or wish to exercise your rights, please contact our Data Protection Officer:

Data Protection Officer

Yulia Girshfeld

Homestead Legal Ltd

Office 104B, Diamond House 179-181 Lower Richmond Road, Richmond TW9 4LN

Email: info@homestead-legal.co.uk

Telephone: 020 8050 8870

You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.

 

 

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Updates to This Notice

We review our Privacy Notice regularly. Updates will be published on our website. Please check regularly for changes.