Data Protection and Privacy Notice
Beacon Legal Management and Compliance is the trading name of Stuart Blake, of 7 Trefoil Close, Worcester WR5 3QR (“BLMC”).
BLMC is subject to the provisions of the Data Protection Act 2018 which incorporates the EU General Data Protection Regulation (“GDPR”). BLMC is a Data Controller and a Data Processor but is not required under the Data Protection Act 2018 to appoint a Data Protection officer and has not done so. All enquiries regarding data protection within BLMC should be directed to Stuart Blake at the address given above, or by email to firstname.lastname@example.org, or by ‘phone to 07530 702175. BLMC is registered with the Information Commissioner in England and Wales and the registration number is ZA431760.
Under the terms of the Data Protection Act 2018, there are six grounds which justify data processing, namely
- consent of the data subject [you]
- performance of a contract [i.e. carrying out the work you have instructed us to do]
- compliance with a legal obligation imposed on us
- vital interests of the data subject [you]
- legitimate interests of the data controller [us or the controller instructing us]
- public interest
At least one of these will always apply in respect of any of your data we process.
BLMC is classed as a Data Controller when we have a direct relationship or connection with you and in these circumstances we will process data about you primarily in order to set up and perform a contract with you. It may be necessary to process your data on the basis of a legal obligation, for example if we have reason to believe that a crime is being committed of a nature which we are legally obliged to report. It may also be necessary to process data for our own legitimate interests if, for example, you owe us money.
Where BLMC processes data about other people under a contract with you, we will do so as Data Processor, relying on the legal bases you have established for processing.
BLMC does not process sensitive personal data as defined by Article 9 of the GDPR or data concerning criminal offences and convictions as defined by Article 10 of the GDPR.
We use the data we process to provide consultancy services and to undertake quality assessments, including planning, auditing and reporting.
We do not send data outside the UK.
We keep data for a maximum of three years after the end of a contractual or business relationship to enable us to support clients by referring back and to enable us to ensure that, for assessment clients, we audit a cross section of individuals over a three-year period.
Electronic data is deleted from our system and backups at the appropriate time and confidential papers including personal and commercially sensitive data are disposed of using a registered confidential waste contractor.
Under data protection legislation, as a data subject you have the following rights:
- a right of access to the personal data that we hold about you including the right to ask us to provide a copy of any of it.
- the right to ask for your personal data to be destroyed (though not the automatic right to have it destroyed)
- the right to object to the processing of your personal data
- the right to withdraw your consent for the processing of personal data you have previously consented to
- the right to complain to the Information Commissioner (ico.org.uk)
In addition, for your protection, we must abide by the data protection principles which are
- to process your personal data lawfully, fairly and in a manner that is transparent to you
- your personal data must be collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes
- your personal data must be adequate, relevant and limited to that which is necessary in relation to the purposes for which it is processed
- the personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay
- personal data must be kept in a form which permits identification of you for no longer than is necessary for the purposes for which the personal data is processed
- personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Disclosures to third parties
We do not sell data to, or share it with, anyone except as set out below.
We may be required to disclose confidential information to the Solicitors Regulation Authority (“SRA”) (for regulatory purposes), our advisers, including our legal advisers, and our insurers (for the purpose of enabling us to make full notification to our insurers of circumstances arising from work we undertake for you which may result in an insurance claim). All of these are obliged to keep all such information confidential. Sharing of data in these circumstances will be justified by legal obligations imposed on us and/or our own legitimate interests.
If we are required compulsorily by law to disclose documents or give information relating to your affairs pursuant to a court order or notice or demand served by any person with authority to compel such disclosure, we shall comply. We shall be entitled to payment by you for the costs of such compliance at our then existing hourly rates. Sharing data in these circumstances is justified by the legal obligation imposed on us.
We may disclose relevant information to any person or company authorised by us to undertake debt collection activity against you. This is justified by our legitimate interests